From: Cyril Brulebois Date: Sat, 4 Dec 2021 04:03:33 +0000 (+0000) Subject: crowdsec (1.0.9-3) unstable; urgency=medium X-Git-Tag: archive/raspbian/1.0.9-3+rpi1^2~12 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=8fc598cdfb2d29dc6b6dcbb32df02d3f1f09e711;p=crowdsec.git crowdsec (1.0.9-3) unstable; urgency=medium * Backport upstream patches to deal with missing MMDB files gracefully (geolocation files aren't shipped by default): - 5ae69aa293: fix stacktrace when mmdb files are not present (#935) - 4dbbd4b3c4: automatically download files when needed (#895), so that switching to the online hub doesn't require extra steps to fetch files. [dgit import unpatched crowdsec 1.0.9-3] --- 8fc598cdfb2d29dc6b6dcbb32df02d3f1f09e711 diff --cc data1/backdoors.txt index 0000000,0000000,0000000,0000000..d1bb1d5 new file mode 100644 --- /dev/null 
+++ b/data1/backdoors.txt @@@@@ -1,0 -1,0 -1,0 -1,0 +1,189 @@@@@ ++++c99.php ++++c99shell.php ++++r57.php ++++r58.php ++++dra.php ++++r00t.php ++++root.php ++++mma.php ++++filesman.php ++++Locus7s.php ++++c99-Ultimate.php ++++c100.php ++++Ekin0x.php ++++hacker.php ++++safe0ver.php ++++sniper.php ++++spyshell.php ++++CWShellDumper.php ++++angel.php ++++dq.php ++++cmd.php ++++liz0zim.php ++++simattacker.php ++++tryag.php ++++150.php ++++Ani-Shell.php ++++Crystal.php ++++Dx.php ++++FaTaLisTiCz_Fx.php ++++G5.php ++++NCC-Shell.php ++++NetworkFileManagerPHP.php ++++PHANTASMA.php ++++PHPJackal.php ++++PHPRemoteView.php ++++PHPSPY.php ++++Php_Backdoor.txt.php ++++Private-i3lue.php ++++SnIpEr_SA Shell.php ++++upl0ader.php ++++acid.php ++++antichat.php ++++shell.php ++++udp.php ++++ddos.php ++++b37.php ++++backupsql.php ++++bdotw44shell.php ++++bug.php ++++c37.php ++++c66.php ++++c99-shadows-mod.php ++++c99_PSych0.php ++++c99_locus7s.php ++++c99_madnet.php ++++c99_w4cking.php ++++c99madshell.php ++++c99ud.php ++++c99unlimited.php ++++c99v2.php ++++cbfphpsh.php ++++cihshell_fix.php ++++co.php ++++connect-back.php ++++cpg_143_incl_xpl.php ++++ctt_sh.php ++++cybershell.php ++++egy.php ++++erne.php ++++ex0shell.php ++++g00nv13.php ++++hkrkoz.php ++++ironshell.php ++++isko.php ++++iskorpitx.php ++++itsecteam_shell.php ++++locus.php ++++log.php ++++simple_cmd.php ++++zacosmall.php ++++weevely.php ++++AK-74.php ++++Ajax_PHP_Command_Shell.php ++++Antichat_Shell.php ++++Ayyildiz_Tim.php ++++CasuS-1.5.php ++++CrystalShell.php ++++DTool_Pro.php ++++Dive_Shell.php ++++GRP_WebShell.php ++++Gamma_Web_Shell.php ++++JspWebshell_1.2.php ++++KA_uShell_0.1.6.php ++++Loaderz_WEB_Shell.php ++++Mackers_Private_Shell.php ++++Moroccan_Spamers.php ++++MyShell.php ++++NGH.php ++++NTDaddy_v1.9.php ++++Non-alphanumeric.php ++++PHP_Shell.php ++++PHVayv.php ++++PhpSpy.php ++++Predator.php ++++Rootshell.v.1.0.php ++++STNC_WebShell_v0.8.php ++++Safe0ver_Shell.php ++++Safe_Mode_Bypass.php ++++SimShell.php 
++++Simple_PHP_backdoor.php ++++Sincap_1.0.php ++++Small_Web_Shell.php ++++WinX_Shell.php ++++Worse_Linux_Shell.php ++++ZyklonShell.php ++++aZRaiLPhp_v1.0.php ++++alfa3.php ++++andela.php ++++aspydrv.php ++++bloodsecv4.php ++++cgitelnet.php ++++configkillerionkros.php ++++dC3_Security.php ++++g00nshell-v1.3.php ++++jspshell.jsp ++++kral.php ++++lifkaS.php ++++lolipop.php ++++lostDC.php ++++matamu.php ++++megabor.php ++++obfuscated-punknopass.php ++++pHpINJ.php ++++php-backdoor.php ++++punk-nopass.php ++++punkholic.php ++++pws.php ++++qsd-backdoor.php ++++ru24_post_sh.php ++++s72_Shell.php ++++simple-backdoor.php ++++smevk.php ++++soldierofallah.php ++++sosyete.php ++++spygrup.php ++++stres.php ++++wso2.8.5.php ++++zehir4.php ++++cgitelnet.pl ++++cmd.pl ++++dc.pl ++++list.pl ++++up.pl ++++wewo.pl ++++irc.pl ++++pws.pl ++++PerlWebShellbyRST-GHC.pl ++++JspWebshell 1.2.jsp ++++browser.jsp ++++cmd.jsp ++++cmd_win32.jsp ++++jspShell.jsp ++++jspbd.jsp ++++list.jsp ++++up.jsp ++++up_win32.jsp ++++3fexe.asp ++++ASpy.asp ++++EFSO.asp ++++RemExp.asp ++++aspxSH.asp ++++aspxshell.aspx ++++aspydrv.asp ++++cmd.asp ++++cmd.aspx ++++cmdexec.aspx ++++elmaliseker.asp ++++filesystembrowser.aspx ++++fileupload.aspx ++++ntdaddy.asp ++++spexec.aspx ++++sql.aspx ++++tool.asp ++++toolaspshell.asp ++++up.asp ++++zehir.asp ++++zehir.aspx ++++zehir4.asp ++++zehir4.aspx diff --cc data1/bad_user_agents.txt index 0000000,0000000,0000000,0000000..2a68b63 new file mode 100644 --- /dev/null 
+++ b/data1/bad_user_agents.txt @@@@@ -1,0 -1,0 -1,0 -1,0 +1,614 @@@@@ ++++# MIT License ++++# ++++# Copyright (c) 2017 Mitchell Krog - mitchellkrog@gmail.com ++++# https://github.com/mitchellkrogza ++++# ++++# Permission is hereby granted, free of charge, to any person obtaining a copy ++++# of this software and associated documentation files (the "Software"), to deal ++++# in the Software without restriction, including without limitation the rights ++++# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++++# copies of the Software, and to permit persons to whom the Software is ++++# furnished to do so, subject to the following conditions: ++++# ++++# The above copyright notice and this permission notice shall be included in all ++++# copies or substantial portions of the Software. ++++# ++++# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++++# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++++# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE ++++# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++++# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++++# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++++# SOFTWARE. 
++++# ++++360Spider ++++404checker ++++404enemy ++++80legs ++++Abonti ++++Aboundex ++++Aboundexbot ++++Acunetix ++++ADmantX ++++AfD-Verbotsverfahren ++++AIBOT ++++AiHitBot ++++Aipbot ++++Alexibot ++++Alligator ++++AllSubmitter ++++AlphaBot ++++Anarchie ++++Ankit ++++Anthill ++++Apexoo ++++archive.org_bot ++++arquivo.pt ++++arquivo-web-crawler ++++Aspiegel ++++ASPSeek ++++Asterias ++++Attach ++++autoemailspider ++++AwarioRssBot ++++AwarioSmartBot ++++BackDoorBot ++++Backlink-Ceck ++++backlink-check ++++BacklinkCrawler ++++BackStreet ++++BackWeb ++++Badass ++++Bandit ++++Barkrowler ++++BatchFTP ++++Battleztar\ Bazinga ++++BBBike ++++BDCbot ++++BDFetch ++++BetaBot ++++Bigfoot ++++Bitacle ++++Blackboard ++++Black\ Hole ++++BlackWidow ++++BLEXBot ++++Blow ++++BlowFish ++++Boardreader ++++Bolt ++++BotALot ++++Brandprotect ++++Brandwatch ++++Buck ++++Buddy ++++BuiltBotTough ++++BuiltWith ++++Bullseye ++++BunnySlippers ++++BuzzSumo ++++Calculon ++++CATExplorador ++++CazoodleBot ++++CCBot ++++Cegbfeieh ++++CensysInspect ++++check1.exe ++++CheeseBot ++++CherryPicker ++++CheTeam ++++ChinaClaw ++++Chlooe ++++Claritybot ++++Cliqzbot ++++Cloud\ mapping ++++coccocbot-web ++++Cocolyzebot ++++CODE87 ++++Cogentbot ++++cognitiveseo ++++Collector ++++com.plumanalytics ++++Copier ++++CopyRightCheck ++++Copyscape ++++Cosmos ++++Craftbot ++++crawler4j ++++crawler.feedback ++++crawl.sogou.com ++++CrazyWebCrawler ++++Crescent ++++CrunchBot ++++CSHttp ++++Curious ++++Custo ++++CyotekWebCopy ++++DatabaseDriverMysqli ++++DataCha0s ++++DBLBot ++++demandbase-bot ++++Demon ++++Deusu ++++Devil ++++Digincore ++++DigitalPebble ++++DIIbot ++++Dirbuster ++++Disco ++++Discobot ++++Discoverybot ++++Dispatch ++++DittoSpyder ++++DnyzBot ++++DomainAppender ++++DomainCrawler ++++DomainSigmaCrawler ++++Domains\ Project ++++domainsproject.org ++++DomainStatsBot ++++Dotbot ++++Download\ Wonder ++++Dragonfly ++++Drip ++++DSearch ++++DTS\ Agent ++++EasyDL ++++Ebingbong ++++eCatch ++++ECCP/1.0 ++++Ecxi 
++++EirGrabber ++++EMail\ Siphon ++++EMail\ Wolf ++++EroCrawler ++++evc-batch ++++Evil ++++Exabot ++++Express\ WebPictures ++++ExtLinksBot ++++Extractor ++++ExtractorPro ++++Extreme\ Picture\ Finder ++++EyeNetIE ++++Ezooms ++++facebookscraper ++++FDM ++++FemtosearchBot ++++FHscan ++++Fimap ++++Firefox/7.0 ++++FlashGet ++++Flunky ++++Foobot ++++Freeuploader ++++FrontPage ++++FyberSpider ++++Fyrebot ++++GalaxyBot ++++Genieo ++++GermCrawler ++++Getintent ++++GetRight ++++GetWeb ++++Gigablast ++++Gigabot ++++G-i-g-a-b-o-t ++++Go-Ahead-Got-It ++++Gotit ++++GoZilla ++++Go!Zilla ++++Grabber ++++GrabNet ++++Grafula ++++GrapeFX ++++GrapeshotCrawler ++++GridBot ++++GT::WWW ++++Haansoft ++++HaosouSpider ++++Harvest ++++Havij ++++HEADMasterSEO ++++heritrix ++++Heritrix ++++Hloader ++++HMView ++++HTMLparser ++++HTTP::Lite ++++HTTrack ++++Humanlinks ++++HybridBot ++++Iblog ++++IDBot ++++IDBTE4M ++++Id-search ++++IlseBot ++++Image\ Fetch ++++Image\ Sucker ++++IndeedBot ++++Indy\ Library ++++InfoNaviRobot ++++InfoTekies ++++instabid ++++Intelliseek ++++InterGET ++++Internet\ Ninja ++++InternetSeer ++++internetVista\ monitor ++++ips-agent ++++Iria ++++IRLbot ++++isitwp.com ++++Iskanie ++++IstellaBot ++++JamesBOT ++++Jbrofuzz ++++JennyBot ++++JetCar ++++Jetty ++++JikeSpider ++++JOC\ Web\ Spider ++++Joomla ++++Jorgee ++++JustView ++++Jyxobot ++++Kenjin\ Spider ++++Keyword\ Density ++++Kinza ++++Kozmosbot ++++Lanshanbot ++++Larbin ++++LeechFTP ++++LeechGet ++++LexiBot ++++Lftp ++++LibWeb ++++Libwhisker ++++LieBaoFast ++++Lightspeedsystems ++++Likse ++++Linkbot ++++Linkdexbot ++++LinkextractorPro ++++LinkpadBot ++++LinkScan ++++LinksManager ++++LinkWalker ++++LinqiaMetadataDownloaderBot ++++LinqiaRSSBot ++++LinqiaScrapeBot ++++Lipperhey ++++Lipperhey\ Spider ++++Litemage_walker ++++Lmspider ++++LNSpiderguy ++++Ltx71 ++++lwp-request ++++LWP::Simple ++++lwp-trivial ++++Magnet ++++Mag-Net ++++magpie-crawler ++++Mail.RU_Bot ++++Majestic12 ++++Majestic-SEO ++++Majestic\ SEO ++++MarkMonitor 
++++MarkWatch ++++Masscan ++++masscan ++++Mass\ Downloader ++++Mata\ Hari ++++MauiBot ++++Mb2345Browser ++++meanpathbot ++++Meanpathbot ++++MeanPath\ Bot ++++Mediatoolkitbot ++++mediawords ++++MegaIndex.ru ++++Metauri ++++MFC_Tear_Sample ++++MicroMessenger ++++Microsoft\ Data\ Access ++++Microsoft\ URL\ Control ++++MIDown\ tool ++++MIIxpc ++++Mister\ PiX ++++MJ12bot ++++Mojeek ++++Mojolicious ++++Morfeus\ Fucking\ Scanner ++++Mozlila ++++MQQBrowser ++++Mr.4x3 ++++MSFrontPage ++++MSIECrawler ++++Msrabot ++++muhstik-scan ++++Musobot ++++Name\ Intelligence ++++Nameprotect ++++Navroad ++++NearSite ++++Needle ++++Nessus ++++NetAnts ++++Netcraft ++++netEstate\ NE\ Crawler ++++NetLyzer ++++NetMechanic ++++NetSpider ++++Nettrack ++++Net\ Vampire ++++Netvibes ++++NetZIP ++++NextGenSearchBot ++++Nibbler ++++NICErsPRO ++++Niki-bot ++++Nikto ++++NimbleCrawler ++++Nimbostratus ++++Ninja ++++Nuclei ++++Nmap ++++NPbot ++++Nutch ++++oBot ++++Octopus ++++Offline\ Explorer ++++Offline\ Navigator ++++OnCrawl ++++Openfind ++++OpenLinkProfiler ++++Openvas ++++OpenVAS ++++OPPO A33 ++++OrangeBot ++++OrangeSpider ++++OutclicksBot ++++OutfoxBot ++++PageAnalyzer ++++Page\ Analyzer ++++PageGrabber ++++page\ scorer ++++PageScorer ++++Pandalytics ++++Panscient ++++Papa\ Foto ++++Pavuk ++++pcBrowser ++++PECL::HTTP ++++PeoplePal ++++Petalbot ++++PHPCrawl ++++Picscout ++++Picsearch ++++PictureFinder ++++Pimonster ++++Pi-Monster ++++Pixray ++++PleaseCrawl ++++plumanalytics ++++Pockey ++++POE-Component-Client-HTTP ++++polaris\ version ++++Probethenet ++++ProPowerBot ++++ProWebWalker ++++Psbot ++++Pump ++++PxBroker ++++PyCurl ++++QueryN\ Metasearch ++++Quick-Crawler ++++RankActive ++++RankActiveLinkBot ++++RankFlex ++++RankingBot ++++RankingBot2 ++++Rankivabot ++++RankurBot ++++RealDownload ++++Reaper ++++RebelMouse ++++Recorder ++++RedesScrapy ++++ReGet ++++RepoMonkey ++++Ripper ++++RocketCrawler ++++Rogerbot ++++RSSingBot ++++s1z.ru ++++SalesIntelligent ++++satoristudio.net ++++SBIder 
++++ScanAlert ++++Scanbot ++++scan.lol ++++ScoutJet ++++Scrapy ++++Screaming ++++ScreenerBot ++++Searchestate ++++SearchmetricsBot ++++SentiBot ++++SEOkicks ++++SEOkicks-Robot ++++SEOlyticsCrawler ++++Seomoz ++++SEOprofiler ++++seoscanners ++++SeoSiteCheckup ++++SEOstats ++++serpstatbot ++++sexsearcher ++++Shodan ++++Siphon ++++SISTRIX ++++Sitebeam ++++SiteCheckerBotCrawler ++++sitechecker.pro ++++SiteExplorer ++++Siteimprove ++++SiteLockSpider ++++SiteSnagger ++++SiteSucker ++++Site\ Sucker ++++Sitevigil ++++SlySearch ++++SmartDownload ++++SMTBot ++++Snake ++++Snapbot ++++Snoopy ++++SocialRankIOBot ++++Sociscraper ++++sogouspider ++++Sogou\ web\ spider ++++Sosospider ++++Sottopop ++++SpaceBison ++++Spammen ++++SpankBot ++++Spanner ++++sp_auditbot ++++Spbot ++++Spinn3r ++++SputnikBot ++++spyfu ++++Sqlmap ++++Sqlworm ++++Sqworm ++++Steeler ++++Stripper ++++Sucker ++++Sucuri ++++SuperBot ++++SuperHTTP ++++Surfbot ++++SurveyBot ++++Suzuran ++++Swiftbot ++++sysscan ++++Szukacz ++++T0PHackTeam ++++T8Abot ++++tAkeOut ++++Teleport ++++TeleportPro ++++Telesoft ++++Telesphoreo ++++Telesphorep ++++The\ Intraformant ++++TheNomad ++++Thumbor ++++TightTwatBot ++++Titan ++++Toata ++++Toweyabot ++++Tracemyfile ++++Trendiction ++++Trendictionbot ++++trendiction.com ++++trendiction.de ++++True_Robot ++++Turingos ++++Turnitin ++++TurnitinBot ++++TwengaBot ++++Twice ++++Typhoeus ++++UnisterBot ++++Upflow ++++URLy.Warning ++++URLy\ Warning ++++Vacuum ++++Vagabondo ++++VB\ Project ++++VCI ++++VelenPublicWebCrawler ++++VeriCiteCrawler ++++VidibleScraper ++++Virusdie ++++VoidEYE ++++Voil ++++Voltron ++++Wallpapers/3.0 ++++WallpapersHD ++++WASALive-Bot ++++WBSearchBot ++++Webalta ++++WebAuto ++++Web\ Auto ++++WebBandit ++++WebCollage ++++Web\ Collage ++++WebCopier ++++WEBDAV ++++WebEnhancer ++++Web\ Enhancer ++++WebFetch ++++Web\ Fetch ++++WebFuck ++++Web\ Fuck ++++WebGo\ IS ++++WebImageCollector ++++WebLeacher ++++WebmasterWorldForumBot ++++webmeup-crawler ++++WebPix ++++Web\ Pix 
++++WebReaper
++++WebSauger
++++Web\ Sauger
++++Webshag
++++WebsiteExtractor
++++WebsiteQuester
++++Website\ Quester
++++Webster
++++WebStripper
++++WebSucker
++++Web\ Sucker
++++WebWhacker
++++WebZIP
++++WeSEE
++++Whack
++++Whacker
++++Whatweb
++++Who.is\ Bot
++++Widow
++++WinHTTrack
++++WiseGuys\ Robot
++++WISENutbot
++++Wonderbot
++++Woobot
++++Wotbox
++++Wprecon
++++WPScan
++++WWW-Collector-E
++++WWW-Mechanize
++++WWW::Mechanize
++++WWWOFFLE
++++x09Mozilla
++++x22Mozilla
++++Xaldon_WebSpider
++++Xaldon\ WebSpider
++++Xenu
++++xpymep1.exe
++++YoudaoBot
++++Zade
++++Zauba
++++zauba.io
++++Zermelo
++++Zeus
++++zgrab
++++Zitebot
++++ZmEu
++++ZoomBot
++++ZoominfoBot
++++ZumBot
++++ZyBorg
diff --cc data1/cloudflare_ips.txt
index 0000000,0000000,0000000,0000000..2800771
new file mode 100644
--- /dev/null
+++ b/data1/cloudflare_ips.txt
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@
++++173.245.48.0/20
++++103.21.244.0/22
++++103.22.200.0/22
++++103.31.4.0/22
++++141.101.64.0/18
++++108.162.192.0/18
++++190.93.240.0/20
++++188.114.96.0/20
++++197.234.240.0/22
++++198.41.128.0/17
++++162.158.0.0/15
++++104.16.0.0/12
++++172.64.0.0/13
++++131.0.72.0/22
diff --cc data1/http_path_traversal.txt
index 0000000,0000000,0000000,0000000..28abc59
new file mode 100644
--- /dev/null
+++ b/data1/http_path_traversal.txt
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,32 @@@@@
++++../
++++..\
++++..\/
++++%2e%2e%2f
++++%2E%2E%2F
++++%252e%252e%252f
++++%252E%252E%252F
++++/etc/passwd
++++/etc/hosts
++++/etc/shadow
++++/etc/groups
++++%2fetc%2fhosts
++++%2fetc%2fshadow
++++%2fetc%2fgroups
++++%2fetc%2fpasswd
++++%2Fetc%2Fhosts
++++%2Fetc%2Fshadow
++++%2Fetc%2Fgroups
++++%2Fetc%2Fpasswd
++++=file://
++++=zip://
++++=php://
++++=expect://
++++=data://
++++/proc/self/
++++/var/log/
++++c:\win.ini
++++c:/win.ini
++++C:/inetpub/wwwroot/global.asa
++++C:\inetpub\wwwroot\global.asa
++++C:/boot.ini
++++C:\boot.ini
diff --cc data1/ip_seo_bots.txt
index 0000000,0000000,0000000,0000000..a7e9e17
new file mode 100644
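Review bot: The entry `/etc/groups` in data1/http_path_traversal.txt, together with its encoded forms `%2fetc%2fgroups` and `%2Fetc%2Fgroups`, does not name a standard file; the group database is `/etc/group`. How the list is matched is not visible in this hunk, but if entries are compared as substrings of the request, a request for `/etc/group` would not match `/etc/groups`. I would add `/etc/group`, `%2fetc%2fgroup` and `%2Fetc%2Fgroup` next to the existing entries rather than replace them, so current matches are preserved.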
--- /dev/null
+++ b/data1/ip_seo_bots.txt
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,15 @@@@@
++++# duckduckBot
++++23.21.227.69/32
++++40.88.21.235/32
++++50.16.241.113/32
++++50.16.241.114/32
++++50.16.241.117/32
++++50.16.247.234/32
++++52.204.97.54/32
++++52.5.190.19/32
++++54.197.234.188/32
++++54.208.100.253/32
++++54.208.102.37/32
++++107.21.1.8/32
++++#pinterest: https://help.pinterest.com/en/business/article/pinterest-crawler
++++54.236.1.0/24
diff --cc data1/rdns_seo_bots.regex
index 0000000,0000000,0000000,0000000..f7caf2b
new file mode 100644
--- /dev/null
+++ b/data1/rdns_seo_bots.regex
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++rate-limited-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$
++++crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.googlebot.com.$
++++google-proxy-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}.google.com.$
diff --cc data1/rdns_seo_bots.txt
index 0000000,0000000,0000000,0000000..f6d94d8
new file mode 100644
--- /dev/null
+++ b/data1/rdns_seo_bots.txt
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,9 @@@@@
++++.googlebot.com.
++++.yandex.ru.
++++.yandex.net.
++++.yandex.com.
++++.search.msn.com.
++++.crawl.baidu.com.
++++.crawl.baidu.jp.
++++.crawl.yahoo.net.
++++.search.qwant.com.
diff --cc data1/sensitive_data.txt
index 0000000,0000000,0000000,0000000..b194ac2
new file mode 100644
--- /dev/null
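Review bot: In data1/rdns_seo_bots.regex the dots before `google.com` and `googlebot.com`, inside those names, and before `$` are unescaped, so each `.` matches any character, and none of the three patterns has a leading `^`. The file name suggests these patterns exempt crawler hostnames from detection, in which case a reverse-DNS name outside Google's domains that only resembles these strings would also be exempted. Escape the literal dots, for example `crawl-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,3}\.googlebot\.com\.$`, and do the same for the two `google.com` patterns. The code that consumes this file is not part of the diff, so it should be checked there whether the PTR result is forward-confirmed before it is matched.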
+++ b/data1/sensitive_data.txt @@@@@ -1,0 -1,0 -1,0 -1,0 +1,41 @@@@@ ++++.sql ++++.sql.gz ++++.sql.tar ++++.sql.bzip2 ++++.sql.bz2 ++++.sql.zip ++++.sql.rar ++++.sql.7z ++++.bash_history ++++.bashrc ++++.cache ++++.config ++++.cvs ++++.cvsignore ++++.env ++++.forward ++++.git/HEAD ++++.git ++++.history ++++.hta ++++.htaccess ++++.htpasswd ++++.listing ++++.listings ++++.mysql_history ++++.passwd ++++.pwd ++++.perf ++++.profile ++++.rhosts ++++.sh_history ++++.ssh ++++.subversion ++++.svn ++++.svn/entries ++++.bak ++++.exe ++++.bat ++++.dll ++++.printer ++++.pac diff --cc data1/sqli_probe_patterns.txt index 0000000,0000000,0000000,0000000..98c64ef new file mode 100644 --- /dev/null +++ b/data1/sqli_probe_patterns.txt @@@@@ -1,0 -1,0 -1,0 -1,0 +1,18 @@@@@ ++++%40%40version ++++..xp_cmdshell ++++information_schema.tables ++++%20union%20all%20select%20 ++++%20union%20select%20 ++++%2cnull%2cnull ++++benchmark%28 ++++load_file%28 ++++substr%28 ++++substring%28 ++++selectchar%28 ++++%7c%7cchr%28 ++++distinct%28 ++++pg_sleep%28 ++++sleep%28 ++++upper%28 ++++hex%28 ++++md5%28 diff --cc data1/xss_probe_patterns.txt index 0000000,0000000,0000000,0000000..cb5ef37 new file mode 100644 --- /dev/null +++ b/data1/xss_probe_patterns.txt @@@@@ -1,0 -1,0 -1,0 -1,0 +1,34 @@@@@ ++++ instead. ++++ ++++If switching back to the offline hub, `/var/lib/crowdsec/hub` is ++++cleaned up (downloaded items are removed), and it starts pointing at ++++the offline hub again. diff --cc debian/changelog index 0000000,0000000,0000000,0000000..57173a1 new file mode 100644 --- /dev/null 
+++ b/debian/changelog @@@@@ -1,0 -1,0 -1,0 -1,0 +1,149 @@@@@ ++++crowdsec (1.0.9-3) unstable; urgency=medium ++++ ++++ * Backport upstream patches to deal with missing MMDB files gracefully ++++ (geolocation files aren't shipped by default): ++++ - 5ae69aa293: fix stacktrace when mmdb files are not present (#935) ++++ - 4dbbd4b3c4: automatically download files when needed (#895), so ++++ that switching to the online hub doesn't require extra steps to ++++ fetch files. ++++ ++++ -- Cyril Brulebois Sat, 04 Dec 2021 05:03:33 +0100 ++++ ++++crowdsec (1.0.9-2) unstable; urgency=medium ++++ ++++ * Backport hub patch from upstream to fix false positives due to ++++ substring matches (https://github.com/crowdsecurity/hub/pull/197): ++++ + 0009-Improve-http-bad-user-agent-use-regexp-197.patch ++++ ++++ -- Cyril Brulebois Mon, 03 May 2021 07:29:06 +0000 ++++ ++++crowdsec (1.0.9-1) unstable; urgency=medium ++++ ++++ * New upstream stable release: ++++ + Improve documentation. ++++ + Fix disabled Central API use case: without Central API credentials ++++ in the relevant config file, crowdsec would still try and establish ++++ a connection. ++++ * Add patch to disable broken scenario (ban-report-ssh_bf_report, #181): ++++ + 0008-hub-disable-broken-scenario.patch ++++ * Add logrotate config for /var/log/crowdsec{,_api}.log (weekly, 4). ++++ ++++ -- Cyril Brulebois Mon, 15 Mar 2021 01:19:43 +0100 ++++ ++++crowdsec (1.0.8-2) unstable; urgency=medium ++++ ++++ * Update postinst to also strip ltsich/ when installing symlinks ++++ initially (new vendor in recent hub files, in addition to the usual ++++ crowdsecurity/). ++++ ++++ -- Cyril Brulebois Tue, 02 Mar 2021 01:29:29 +0000 ++++ ++++crowdsec (1.0.8-1) unstable; urgency=medium ++++ ++++ * New upstream stable release. 
++++ * Refresh patches: ++++ + 0001-use-a-local-machineid-implementation.patch (unfuzzy) ++++ + 0002-add-compatibility-for-older-sqlite-driver.patch ++++ * Set cwversion variables through debian/rules (build metadata). ++++ * Add patch so that upstream's crowdsec.service is correct on Debian: ++++ + 0003-adjust-systemd-unit.patch ++++ * Really add lintian overrides for hardening-no-pie warnings. ++++ * Ship patterns below /etc/crowdsec/patterns: they're supposed to be ++++ stable over time, and it's advised not to modify them, but let's allow ++++ for some configurability. ++++ * Include a snapshot of hub files from the master branch, at commit ++++ d8a8509bdf: hub1. Further updates for a given crowdsec upstream ++++ version will be numbered hubN. After a while, they will be generated ++++ from a dedicated vX.Y.Z branch instead of from master. ++++ * Implement a generate_hub_tarball target in debian/rules to automate ++++ generating a tarball for hub files. ++++ * Add patch to disable geoip-enrich in the hub files as it requires ++++ downloading some files from the network that aren't under the usual ++++ MIT license: ++++ + 0004-disable-geoip-enrich.patch ++++ * Ship a selection of hub files in /usr/share/crowdsec/hub so that ++++ crowdsec can be set up without having to download data from the ++++ collaborative hub (https://hub.crowdsec.net/). ++++ * Ditto for some data files (in /usr/share/crowdsec/data). ++++ * Use DH_GOLANG_EXCLUDES to avoid including extra Go files from the ++++ hub into the build directory. ++++ * Implement an extract_hub_tarball target in debian/rules to automate ++++ extracting hub files from the tarball. ++++ * Implement an extract_data_tarball target in debian/rules to automate ++++ extracting data files from the tarball. ++++ * Ship crowdsec-cli (automated Golang naming) as cscli (upstream's ++++ preference). 
++++ * Add patch to adjust the default config: ++++ + 0005-adjust-config.patch ++++ * Ship config/config.yaml accordingly, along with the config files it ++++ references. ++++ * Also adjust the hub_branch variable in config.yaml, pointing to the ++++ branch related to the current upstream release instead of master. ++++ * Create /var/lib/crowdsec/{data,hub} directories. ++++ * Implement configure in postinst to generate credentials files: ++++ Implement a simple agent setup with a Local API (LAPI), and with an ++++ automatic registration to the Central API (CAPI). The latter can be ++++ disabled by creating a /etc/crowdsec/online_api_credentials.yaml file ++++ containing a comment (e.g. “# no thanks”) before installing this ++++ package. ++++ * Implement purge in postrm. Drop all of /etc/crowdsec except ++++ online_api_credentials.yaml if this file doesn't seem to have been ++++ created during CAPI registration (likely because an admin created the ++++ file in advance to prevent it). Also remove everything below ++++ /var/lib/crowdsec/{data,hub}, along with log files. ++++ * Implement custom enable-online-hub and disable-online-hub actions in ++++ postinst. The latter is called once automatically to make sure the ++++ offline hub is ready to use. See README.Debian for details. ++++ * Also enable all items using the offline hub on fresh installation. ++++ * Add patch advertising `systemctl restart crowdsec` when updating the ++++ configuration: reload doesn't work at the moment (#656 upstream). ++++ + 0006-prefer-systemctl-restart.patch ++++ * Add patch automating switching from the offline hub to the online hub ++++ when `cscli hub update` is called: ++++ + 0007-automatically-enable-online-hub.patch ++++ * Add lintian override accordingly: uses-dpkg-database-directly. ++++ * Add ca-certificates to Depends for the CAPI registration. ++++ * Create /etc/machine-id if it doesn't exist already (e.g. in piuparts ++++ environments). 
++++ ++++ -- Cyril Brulebois Tue, 02 Mar 2021 00:25:48 +0000 ++++ ++++crowdsec (1.0.4-1) unstable; urgency=medium ++++ ++++ * New upstream release. ++++ * Bump copyright years. ++++ * Bump golang-github-facebook-ent-dev build-dep. ++++ * Swap Maintainer/Uploaders: the current plan is for me to keep in touch ++++ with upstream to coordinate packaging work in Debian. Help from fellow ++++ members of the Debian Go Packaging Team is very welcome, though! ++++ * Fix typos in the long description, and merge upstream's review. ++++ * Refresh patch: ++++ + 0001-use-a-local-machineid-implementation.patch ++++ * Drop patch (merged upstream): ++++ + 1001-fix-docker-container-creation-for-metabase-563.patch ++++ ++++ -- Cyril Brulebois Wed, 03 Feb 2021 08:54:24 +0000 ++++ ++++crowdsec (1.0.2-1) unstable; urgency=medium ++++ ++++ * Initial release (Closes: #972573): start by shipping binaries, ++++ while better integration is being worked on with upstream: ++++ documentation and assisted configuration are coming up. ++++ * Version some build-deps as earlier versions are known not to work. ++++ * Use a local machineid implementation instead of depending on an ++++ extra package: ++++ + 0001-use-a-local-machineid-implementation.patch ++++ * Use a syntax that's compatible with version 1.6.0 of the sqlite3 ++++ driver: ++++ + 0002-add-compatibility-for-older-sqlite-driver.patch ++++ * Backport upstream fix for golang-github-docker-docker-dev version ++++ currently in unstable: ++++ + 1001-fix-docker-container-creation-for-metabase-563.patch ++++ * Install all files in the build directory so that the testsuite finds ++++ required test data that's scattered all over the place. ++++ * Add systemd to Build-Depends for the testsuite, so that it finds ++++ the journalctl binary. ++++ * Add lintian overrides for the hardening-no-pie warnings: PIE is not ++++ relevant for Go packages. 
++++
++++ -- Cyril Brulebois Thu, 14 Jan 2021 02:46:18 +0000
diff --cc debian/control
index 0000000,0000000,0000000,0000000..47eba50
new file mode 100644
--- /dev/null
+++ b/debian/control @@@@@ -1,0 -1,0 -1,0 -1,0 +1,99 @@@@@ ++++Source: crowdsec ++++Maintainer: Cyril Brulebois ++++Uploaders: Debian Go Packaging Team ++++Section: golang ++++Testsuite: autopkgtest-pkg-go ++++Priority: optional ++++Build-Depends: debhelper-compat (= 13), ++++ dh-golang, ++++ golang-any, ++++ golang-github-alecaivazis-survey-dev, ++++ golang-github-antonmedv-expr-dev, ++++ golang-github-appleboy-gin-jwt-dev, ++++ golang-github-buger-jsonparser-dev, ++++ golang-github-coreos-go-systemd-dev, ++++ golang-github-davecgh-go-spew-dev, ++++ golang-github-dghubble-sling-dev, ++++ golang-github-docker-docker-dev, ++++ golang-github-docker-go-connections-dev, ++++ golang-github-enescakir-emoji-dev, ++++ golang-github-facebook-ent-dev (>= 0.5.4), ++++ golang-github-gin-gonic-gin-dev (>= 1.6.3), ++++ golang-github-go-co-op-gocron-dev, ++++ golang-github-go-openapi-errors-dev, ++++ golang-github-go-openapi-strfmt-dev, ++++ golang-github-go-openapi-swag-dev, ++++ golang-github-go-openapi-validate-dev, ++++ golang-github-go-sql-driver-mysql-dev, ++++ golang-github-google-go-querystring-dev, ++++ golang-github-goombaio-namegenerator-dev, ++++ golang-github-hashicorp-go-version-dev, ++++ golang-github-logrusorgru-grokky-dev, ++++ golang-github-mattn-go-sqlite3-dev, ++++ golang-github-mohae-deepcopy-dev, ++++ golang-github-nxadm-tail-dev, ++++ golang-github-olekukonko-tablewriter-dev, ++++ golang-github-opencontainers-image-spec-dev, ++++ golang-github-oschwald-geoip2-golang-dev (>= 1.2), ++++ golang-github-oschwald-maxminddb-golang-dev (>= 1.4), ++++ golang-github-pkg-errors-dev, ++++ golang-github-prometheus-client-model-dev, ++++ golang-github-prometheus-prom2json-dev, ++++ golang-github-spf13-cobra-dev, ++++ golang-github-stretchr-testify-dev, ++++ golang-golang-x-crypto-dev, ++++ golang-golang-x-mod-dev, ++++ golang-golang-x-sys-dev, ++++ golang-gopkg-natefinch-lumberjack.v2-dev, ++++ golang-gopkg-tomb.v2-dev, ++++ golang-logrus-dev, ++++ golang-pq-dev, ++++ 
golang-prometheus-client-dev, ++++ golang-yaml.v2-dev, ++++ systemd ++++Standards-Version: 4.5.0 ++++Vcs-Browser: https://salsa.debian.org/go-team/packages/crowdsec ++++Vcs-Git: https://salsa.debian.org/go-team/packages/crowdsec.git ++++Homepage: https://github.com/crowdsecurity/crowdsec ++++Rules-Requires-Root: no ++++XS-Go-Import-Path: github.com/crowdsecurity/crowdsec ++++ ++++Package: crowdsec ++++Architecture: any ++++Depends: ca-certificates, ++++ ${misc:Depends}, ++++ ${shlibs:Depends} ++++Built-Using: ${misc:Built-Using} ++++Description: lightweight and collaborative security engine ++++ CrowdSec is a lightweight security engine, able to detect and remedy ++++ aggressive network behavior. It can leverage and also enrich a ++++ global community-wide IP reputation database, to help fight online ++++ cybersec aggressions in a collaborative manner. ++++ . ++++ CrowdSec can read many log sources, parse and also enrich them, in ++++ order to detect specific scenarios, that usually represent malevolent ++++ behavior. Parsers, Enrichers, and Scenarios are YAML files that can ++++ be shared and downloaded through a specific Hub, as well as be created ++++ or adapted locally. ++++ . ++++ Detection results are available for CrowdSec, its CLI tools and ++++ bouncers via an HTTP API. Triggered scenarios lead to an alert, which ++++ often results in a decision (e.g. IP banned for 4 hours) that can be ++++ consumed by bouncers (software components enforcing a decision, such ++++ as an iptables ban, an nginx lua script, or any custom user script). ++++ . ++++ The CLI allows users to deploy a Metabase Docker image to provide ++++ simple-to-deploy dashboards of ongoing activity. The CrowdSec daemon ++++ is also instrumented with Prometheus to provide observability. ++++ . ++++ CrowdSec can be used against live logs (“à la fail2ban”), but can ++++ also work on cold logs to help, in a forensic context, to build an ++++ analysis for past events. ++++ . 
++++ On top of that, CrowdSec aims at sharing detection signals amongst ++++ all participants, to pre-emptively allow users to block likely ++++ attackers. To achieve this, minimal meta-information about the attack ++++ is shared with the CrowdSec organization for further retribution. ++++ . ++++ Users can also decide not to take part into the collective effort via ++++ the central API, but to register on a local API instead. diff --cc debian/copyright index 0000000,0000000,0000000,0000000..3655bce new file mode 100644 --- /dev/null 
+++ b/debian/copyright @@@@@ -1,0 -1,0 -1,0 -1,0 +1,74 @@@@@ ++++Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ ++++Upstream-Name: crowdsec ++++Upstream-Contact: contact@crowdsec.net ++++Source: https://github.com/crowdsecurity/crowdsec ++++ ++++Files: * ++++Copyright: 2020-2021 crowdsecurity ++++License: Expat ++++ ++++Files: pkg/time ++++Copyright: 2009-2015 The Go Authors ++++ 2020 crowdsecurity ++++License: BSD-3 ++++Comment: improved version of x/time/rate ++++ ++++Files: data*/bad_user_agents.txt ++++Copyright: 2017 Mitchell Krog ++++License: Expat ++++ ++++Files: hub*/parsers/s01-parse/crowdsecurity/postfix-logs.yaml ++++Copyright: 2014, 2015 Rudy Gevaert ++++ 2020 Crowdsec ++++License: Expat ++++ ++++Files: debian/* ++++Copyright: 2020-2021 Cyril Brulebois ++++License: Expat ++++Comment: Debian packaging is licensed under the same terms as upstream ++++ ++++License: Expat ++++ Permission is hereby granted, free of charge, to any person obtaining a copy ++++ of this software and associated documentation files (the "Software"), to deal ++++ in the Software without restriction, including without limitation the rights ++++ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell ++++ copies of the Software, and to permit persons to whom the Software is ++++ furnished to do so, subject to the following conditions: ++++ . ++++ The above copyright notice and this permission notice shall be included in all ++++ copies or substantial portions of the Software. ++++ . ++++ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR ++++ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, ++++ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE ++++ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER ++++ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, ++++ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE ++++ SOFTWARE. ++++ ++++License: BSD-3 ++++ Redistribution and use in source and binary forms, with or without ++++ modification, are permitted provided that the following conditions are ++++ met: ++++ . ++++ * Redistributions of source code must retain the above copyright ++++ notice, this list of conditions and the following disclaimer. ++++ * Redistributions in binary form must reproduce the above ++++ copyright notice, this list of conditions and the following disclaimer ++++ in the documentation and/or other materials provided with the ++++ distribution. ++++ * Neither the name of Google Inc. nor the names of its ++++ contributors may be used to endorse or promote products derived from ++++ this software without specific prior written permission. ++++ . ++++ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++++ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++++ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR ++++ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++++ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++++ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++++ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++++ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++++ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++++ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++++ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --cc debian/crowdsec.logrotate index 0000000,0000000,0000000,0000000..d4756ba new file mode 100644 --- /dev/null 
+++ b/debian/crowdsec.logrotate
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,9 @@@@@
++++/var/log/crowdsec.log
++++/var/log/crowdsec_api.log
++++{
++++ rotate 4
++++ weekly
++++ compress
++++ missingok
++++ notifempty
++++}
diff --cc debian/dirs
index 0000000,0000000,0000000,0000000..3970fa5
new file mode 100644
--- /dev/null
+++ b/debian/dirs
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,2 @@@@@
++++/var/lib/crowdsec/data
++++/var/lib/crowdsec/hub
diff --cc debian/gbp.conf
index 0000000,0000000,0000000,0000000..3d450c2
new file mode 100644
--- /dev/null
+++ b/debian/gbp.conf
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++[DEFAULT]
++++debian-branch = debian/sid
++++dist = DEP14
diff --cc debian/gitlab-ci.yml
index 0000000,0000000,0000000,0000000..594e14e
new file mode 100644
--- /dev/null
+++ b/debian/gitlab-ci.yml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,6 @@@@@
++++# auto-generated, DO NOT MODIFY.
++++# The authoritative copy of this file lives at:
++++# https://salsa.debian.org/go-team/infra/pkg-go-tools/blob/master/config/gitlabciyml.go
++++---
++++include:
++++ - https://salsa.debian.org/go-team/infra/pkg-go-tools/-/raw/master/pipeline/test-archive.yml
diff --cc debian/install
index 0000000,0000000,0000000,0000000..98e98d9
new file mode 100644
--- /dev/null
+++ b/debian/install
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,16 @@@@@
++++# Main config:
++++config/config.yaml etc/crowdsec/
++++# Referenced configs:
++++config/acquis.yaml etc/crowdsec/
++++config/profiles.yaml etc/crowdsec/
++++config/simulation.yaml etc/crowdsec/
++++
++++config/patterns/* etc/crowdsec/patterns
++++config/crowdsec.service lib/systemd/system
++++hub*/blockers usr/share/crowdsec/hub
++++hub*/collections usr/share/crowdsec/hub
++++hub*/parsers usr/share/crowdsec/hub
++++hub*/postoverflows usr/share/crowdsec/hub
++++hub*/scenarios usr/share/crowdsec/hub
++++hub*/.index.json usr/share/crowdsec/hub
++++data*/* usr/share/crowdsec/data
diff --cc debian/lintian-overrides
index 0000000,0000000,0000000,0000000..09e5eec
new file mode 100644
--- /dev/null
+++ b/debian/lintian-overrides
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,9 @@@@@
++++# PIE is not relevant for Go packages (for reference, lintian's
++++# $built_with_golang variable is the one that's not set properly
++++# for this package, meaning this tag is emitted regardless):
++++crowdsec: hardening-no-pie usr/bin/crowdsec
++++crowdsec: hardening-no-pie usr/bin/cscli
++++
++++# The postinst script implements custom actions, sharing code with the
++++# "configure" one:
++++crowdsec: uses-dpkg-database-directly usr/bin/cscli
diff --cc debian/patches/0001-use-a-local-machineid-implementation.patch
index 0000000,0000000,0000000,0000000..c533644
new file mode 100644
--- /dev/null
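Review bot: The two `hardening-no-pie` overrides rest on the comment's statement that PIE is not relevant for Go packages, and that statement deserves a qualifier. The Go toolchain can emit position-independent executables with `-buildmode=pie`, and the sqlite3 driver mentioned in patch 0002 presumably links C code through cgo, where randomising the main executable's load address still has value. I would reword the comment to something like `# Not built with -buildmode=pie; lintian does not detect this as a Go binary, so the tag is emitted regardless` so the override reads as a recorded gap rather than a settled non-issue.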
+++ b/debian/patches/0001-use-a-local-machineid-implementation.patch
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,82 @@@@@
++++From: Cyril Brulebois
++++Date: Thu, 7 Jan 2021 17:07:12 +0000
++++Subject: Use local machineid implementation
++++
++++Let's avoid a dependency on an extra package (denisbrodbeck/machineid),
++++since its ID() function is mostly about trying to read from two files.
++++
++++Signed-off-by: Manuel Sabban
++++Signed-off-by: Cyril Brulebois
++++
++++---
++++ cmd/crowdsec-cli/machines.go | 2 +-
++++ go.mod | 1 -
++++ go.sum | 2 --
++++ pkg/machineid/machineid.go | 29 +++++++++++++++++++++++++++++
++++ 4 files changed, 30 insertions(+), 4 deletions(-)
++++ create mode 100644 pkg/machineid/machineid.go
++++
++++--- a/cmd/crowdsec-cli/machines.go
+++++++ b/cmd/crowdsec-cli/machines.go
++++@@ -13,7 +13,7 @@ import (
++++ "github.com/AlecAivazis/survey/v2"
++++ "github.com/crowdsecurity/crowdsec/pkg/csconfig"
++++ "github.com/crowdsecurity/crowdsec/pkg/database"
++++- "github.com/denisbrodbeck/machineid"
+++++ "github.com/crowdsecurity/crowdsec/pkg/machineid"
++++ "github.com/enescakir/emoji"
++++ "github.com/go-openapi/strfmt"
++++ "github.com/olekukonko/tablewriter"
++++--- a/go.mod
+++++++ b/go.mod
++++@@ -11,7 +11,6 @@ require (
++++ github.com/containerd/containerd v1.4.3 // indirect
++++ github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
++++ github.com/davecgh/go-spew v1.1.1
++++- github.com/denisbrodbeck/machineid v1.0.1
++++ github.com/dghubble/sling v1.3.0
++++ github.com/docker/distribution v2.7.1+incompatible // indirect
++++ github.com/docker/docker v20.10.2+incompatible
++++--- /dev/null
+++++++ b/pkg/machineid/machineid.go
++++@@ -0,0 +1,29 @@
+++++package machineid
+++++
+++++import (
+++++ "io/ioutil"
+++++ "strings"
+++++)
+++++
+++++const (
+++++ // dbusPath is the default path for dbus machine id.
+++++ dbusPath = "/var/lib/dbus/machine-id"
+++++ // dbusPathEtc is the default path for dbus machine id located in /etc.
+++++ // Some systems (like Fedora 20) only know this path.
+++++ // Sometimes it's the other way round.
+++++ dbusPathEtc = "/etc/machine-id"
+++++)
+++++
+++++// idea of code is stolen from https://github.com/denisbrodbeck/machineid/
+++++// but here we are on Debian GNU/Linux
+++++func ID() (string, error) {
+++++ id, err := ioutil.ReadFile(dbusPath)
+++++ if err != nil {
+++++ // try fallback path
+++++ id, err = ioutil.ReadFile(dbusPathEtc)
+++++ }
+++++ if err != nil {
+++++ return "", err
+++++ }
+++++ return strings.TrimSpace(string(id)), nil
+++++}
++++--- a/go.sum
+++++++ b/go.sum
++++@@ -112,8 +112,6 @@ github.com/davecgh/go-spew v0.0.0-201610
++++ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++++ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
++++ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++++-github.com/denisbrodbeck/machineid v1.0.1 h1:geKr9qtkB876mXguW2X6TU4ZynleN6ezuMSRhl4D7AQ=
++++-github.com/denisbrodbeck/machineid v1.0.1/go.mod h1:dJUwb7PTidGDeYyUBmXZ2GphQBbjJCrnectwCyxcUSI=
++++ github.com/dghubble/sling v1.3.0 h1:pZHjCJq4zJvc6qVQ5wN1jo5oNZlNE0+8T/h0XeXBUKU=
++++ github.com/dghubble/sling v1.3.0/go.mod h1:XXShWaBWKzNLhu2OxikSNFrlsvowtz4kyRuXUG7oQKY=
++++ github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
diff --cc debian/patches/0002-add-compatibility-for-older-sqlite-driver.patch
index 0000000,0000000,0000000,0000000..95fe0c3
new file mode 100644
--- /dev/null
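Review bot: `ID()` in the new pkg/machineid/machineid.go reports success with an empty string when the machine-id file exists but is empty or whitespace-only, because the result of `strings.TrimSpace(string(id))` is returned unchecked. The caller in cmd/crowdsec-cli/machines.go is outside this patch, but if the value feeds machine naming or registration, distinct hosts could silently end up with the same identifier; a guard such as `if s == "" { return "", errors.New("machineid: empty machine id") }` on the trimmed value (with `errors` imported) closes that. When both reads fail, only the error for `dbusPathEtc` is returned, so naming both paths in the error would help diagnosis. machine-id(5) asks that the raw ID be treated as confidential, so a doc comment on `ID()` stating that it returns the unhashed value would tell callers not to send or log it as-is.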
+++ b/debian/patches/0002-add-compatibility-for-older-sqlite-driver.patch
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,23 @@@@@
++++From: Cyril Brulebois
++++Date: Fri, 8 Jan 2021 17:27:15 +0000
++++Subject: Use _foreign_keys=1 instead of _fk=1
++++
++++The _foreign_keys=1 syntax is widely supported but the _fk=1 alias for
++++it was only added in version 1.8.0 of the sqlite3 driver. Avoid using
++++the alias for the time being (the freeze is near).
++++
++++---
++++ pkg/database/database.go | 2 +-
++++ 1 file changed, 1 insertion(+), 1 deletion(-)
++++
++++--- a/pkg/database/database.go
+++++++ b/pkg/database/database.go
++++@@ -46,7 +46,7 @@ func NewClient(config *csconfig.Database
++++ return &Client{}, fmt.Errorf("unable to set perms on %s: %v", config.DbPath, err)
++++ }
++++ }
++++- client, err = ent.Open("sqlite3", fmt.Sprintf("file:%s?_busy_timeout=100000&_fk=1", config.DbPath))
+++++ client, err = ent.Open("sqlite3", fmt.Sprintf("file:%s?_busy_timeout=100000&_foreign_keys=1", config.DbPath))
++++ if err != nil {
++++ return &Client{}, fmt.Errorf("failed opening connection to sqlite: %v", err)
++++ }
diff --cc debian/patches/0003-adjust-systemd-unit.patch
index 0000000,0000000,0000000,0000000..7ec2d47
new file mode 100644
--- /dev/null
+++ b/debian/patches/0003-adjust-systemd-unit.patch
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,35 @@@@@
++++From: Cyril Brulebois
++++Date: Fri, 22 Jan 2021 13:25:54 +0000
++++Subject: Adjust systemd unit
++++
++++ - Drop PIDFile (that uses an obsolete path, and doesn't seem to be
++++ used at all).
++++ - Adjust paths for the packaged crowdsec binary (/usr/bin).
++++ - Drop commented out ExecStartPost entirely.
++++ - Drop syslog.target dependency, it's socket-activated (thanks to the
++++ systemd-service-file-refers-to-obsolete-target lintian tag).
++++ - Ensure both local and online API credentials have been defined.
++++
++++--- a/config/crowdsec.service
+++++++ b/config/crowdsec.service
++++@@ -1,14 +1,15 @@
++++ [Unit]
++++ Description=Crowdsec agent
++++-After=syslog.target network.target remote-fs.target nss-lookup.target
+++++After=network.target remote-fs.target nss-lookup.target
+++++# Ensure configuration happened:
+++++ConditionPathExists=/etc/crowdsec/local_api_credentials.yaml
+++++ConditionPathExists=/etc/crowdsec/online_api_credentials.yaml
++++
++++ [Service]
++++ Type=notify
++++ Environment=LC_ALL=C LANG=C
++++-PIDFile=/var/run/crowdsec.pid
++++-ExecStartPre=/usr/local/bin/crowdsec -c /etc/crowdsec/config.yaml -t
++++-ExecStart=/usr/local/bin/crowdsec -c /etc/crowdsec/config.yaml
++++-#ExecStartPost=/bin/sleep 0.1
+++++ExecStartPre=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml -t
+++++ExecStart=/usr/bin/crowdsec -c /etc/crowdsec/config.yaml
++++ ExecReload=/bin/kill -HUP $MAINPID
++++
++++ [Install]
diff --cc debian/patches/0004-disable-geoip-enrich.patch
index 0000000,0000000,0000000,0000000..de30b3d
new file mode 100644
--- /dev/null
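Review bot: The two added `ConditionPathExists=` lines turn a missing credentials file into a silent skip, because systemd treats an unmet condition as "not started" rather than as a failure, so the unit never enters the failed state while the detection agent is simply not running. The package description says users may register on a local API instead of the central one; if such a setup has no /etc/crowdsec/online_api_credentials.yaml (not verifiable from this hunk), the service would never start on that host. Consider `AssertPathExists=` for whichever file is always required, so the problem shows up in `systemctl status`, and extend the comment to `# Ensure configuration happened; if either file is missing the unit is skipped without an error:`.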
+++ b/debian/patches/0004-disable-geoip-enrich.patch @@@@@ -1,0 -1,0 -1,0 -1,0 +1,50 @@@@@ ++++From: Cyril Brulebois ++++Date: Fri, 22 Jan 2021 14:35:42 +0000 ++++Subject: Disable geoip-enrich in the hub files ++++ ++++It would download GeoLite2*.mmdb files from the network. Let users ++++enable the hub by themselves if they want to use it. ++++ ++++--- a/hub1/.index.json +++++++ b/hub1/.index.json ++++@@ -115,12 +115,11 @@ ++++ }, ++++ "long_description": "Kipjb3JlIHBhY2thZ2UgZm9yIGxpbnV4KioKCmNvbnRhaW5zIHN1cHBvcnQgZm9yIHN5c2xvZywgZG8gbm90IHJlbW92ZS4K", ++++ "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3NzaGQKZGVzY3JpcHRpb246ICJjb3JlIGxpbnV4IHN1cHBvcnQgOiBzeXNsb2crZ2VvaXArc3NoIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4Cgo=", ++++- "description": "core linux support : syslog+geoip+ssh", +++++ "description": "core linux support : syslog+ssh", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/syslog-logs", ++++- "crowdsecurity/geoip-enrich", ++++ "crowdsecurity/dateparse-enrich" ++++ ], ++++ "collections": [ ++++@@ -393,26 +392,6 @@ ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++- "crowdsecurity/geoip-enrich": { ++++- "path": "parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml", ++++- "stage": "s02-enrich", ++++- "version": "0.2", ++++- "versions": { ++++- "0.1": { ++++- "digest": "c0718adfc71ad462ad90485ad5c490e5de0e54d8af425bff552994e114443ab6", ++++- "deprecated": false ++++- }, ++++- "0.2": { ++++- "digest": "ab327e6044a32de7d2f3780cbc8e0c4af0c11716f353023d2dc7b986571bb765", ++++- "deprecated": false ++++- } ++++- }, ++++- "long_description": "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", ++++- "content": 
"ZmlsdGVyOiAiJ3NvdXJjZV9pcCcgaW4gZXZ0Lk1ldGEiCm5hbWU6IGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCmRlc2NyaXB0aW9uOiAiUG9wdWxhdGUgZXZlbnQgd2l0aCBnZW9sb2MgaW5mbyA6IGFzLCBjb3VudHJ5LCBjb29yZHMsIHNvdXJjZSByYW5nZS4iCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2Nyb3dkc2VjLXN0YXRpY3MtYXNzZXRzLnMzLWV1LXdlc3QtMS5hbWF6b25hd3MuY29tL0dlb0xpdGUyLUNpdHkubW1kYgogICAgZGVzdF9maWxlOiBHZW9MaXRlMi1DaXR5Lm1tZGIKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vY3Jvd2RzZWMtc3RhdGljcy1hc3NldHMuczMtZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vR2VvTGl0ZTItQVNOLm1tZGIKICAgIGRlc3RfZmlsZTogR2VvTGl0ZTItQVNOLm1tZGIKc3RhdGljczoKICAtIG1ldGhvZDogR2VvSXBDaXR5CiAgICBleHByZXNzaW9uOiBldnQuTWV0YS5zb3VyY2VfaXAKICAtIG1ldGE6IElzb0NvZGUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc29Db2RlCiAgLSBtZXRhOiBJc0luRVUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc0luRVUKICAtIG1ldGE6IEdlb0Nvb3JkcwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkdlb0Nvb3JkcwogIC0gbWV0aG9kOiBHZW9JcEFTTgogICAgZXhwcmVzc2lvbjogZXZ0Lk1ldGEuc291cmNlX2lwCiAgLSBtZXRhOiBBU05OdW1iZXIKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5BU05OdW1iZXIKICAtIG1ldGE6IEFTTk9yZwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkFTTk9yZwogIC0gbWV0aG9kOiBJcFRvUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5NZXRhLnNvdXJjZV9pcAogIC0gbWV0YTogU291cmNlUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Tb3VyY2VSYW5nZQo=", ++++- "description": "Populate event with geoloc info : as, country, coords, source range.", ++++- "author": "crowdsecurity", ++++- "labels": null ++++- }, ++++ "crowdsecurity/http-logs": { ++++ "path": "parsers/s02-enrich/crowdsecurity/http-logs.yaml", ++++ "stage": "s02-enrich", diff --cc debian/patches/0005-adjust-config.patch index 0000000,0000000,0000000,0000000..e520471 new file mode 100644 --- /dev/null 
+++ b/debian/patches/0005-adjust-config.patch
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,21 @@@@@
++++From: Cyril Brulebois
++++Date: Mon, 01 Mar 2021 14:11:36 +0000
++++Subject: Adjust default config
++++
++++Let's have all hub-related data under /var/lib/crowdsec/hub instead of
++++the default /etc/crowdsec/hub directory.
++++
++++Signed-off-by: Cyril Brulebois
++++--- a/config/config.yaml
+++++++ b/config/config.yaml
++++@@ -9,8 +9,8 @@ config_paths:
++++ config_dir: /etc/crowdsec/
++++ data_dir: /var/lib/crowdsec/data/
++++ simulation_path: /etc/crowdsec/simulation.yaml
++++- hub_dir: /etc/crowdsec/hub/
++++- index_path: /etc/crowdsec/hub/.index.json
+++++ hub_dir: /var/lib/crowdsec/hub/
+++++ index_path: /var/lib/crowdsec/hub/.index.json
++++ crowdsec_service:
++++ acquisition_path: /etc/crowdsec/acquis.yaml
++++ parser_routines: 1
diff --cc debian/patches/0006-prefer-systemctl-restart.patch
index 0000000,0000000,0000000,0000000..9b4f16c
new file mode 100644
--- /dev/null
+++ b/debian/patches/0006-prefer-systemctl-restart.patch @@@@@ -1,0 -1,0 -1,0 -1,0 +1,88 @@@@@ ++++From: Cyril Brulebois ++++Date: Mon, 01 Mar 2021 20:40:04 +0000 ++++Subject: Prefer `systemctl restart crowdsec` to `systemctl reload crowdsec` ++++ ++++As of version 1.0.8, reloading doesn't work due to failures to reopen ++++the database: ++++ https://github.com/crowdsecurity/crowdsec/issues/656 ++++ ++++Until this is fixed, advertise `systemctl restart crowdsec` instead. ++++ ++++Signed-off-by: Cyril Brulebois ++++--- a/cmd/crowdsec-cli/capi.go +++++++ b/cmd/crowdsec-cli/capi.go ++++@@ -96,7 +96,7 @@ func NewCapiCmd() *cobra.Command { ++++ fmt.Printf("%s\n", string(apiConfigDump)) ++++ } ++++ ++++- log.Warningf("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective") +++++ log.Warningf("Run 'sudo systemctl restart crowdsec' for the new configuration to be effective") ++++ }, ++++ } ++++ cmdCapiRegister.Flags().StringVarP(&outputFile, "file", "f", "", "output file destination") ++++--- a/cmd/crowdsec-cli/collections.go +++++++ b/cmd/crowdsec-cli/collections.go ++++@@ -31,7 +31,7 @@ func NewCollectionsCmd() *cobra.Command ++++ if cmd.Name() == "inspect" || cmd.Name() == "list" { ++++ return ++++ } ++++- log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.") +++++ log.Infof("Run 'sudo systemctl restart crowdsec' for the new configuration to be effective.") ++++ }, ++++ } ++++ ++++--- a/cmd/crowdsec-cli/lapi.go +++++++ b/cmd/crowdsec-cli/lapi.go ++++@@ -112,7 +112,7 @@ Keep in mind the machine needs to be val ++++ } else { ++++ fmt.Printf("%s\n", string(apiConfigDump)) ++++ } ++++- log.Warningf("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective") +++++ log.Warningf("Run 'sudo systemctl restart crowdsec' for the new configuration to be effective") ++++ }, ++++ } ++++ cmdLapiRegister.Flags().StringVarP(&apiURL, "url", "u", "", "URL of the API (ie. 
http://127.0.0.1)") ++++--- a/cmd/crowdsec-cli/parsers.go +++++++ b/cmd/crowdsec-cli/parsers.go ++++@@ -35,7 +35,7 @@ cscli parsers remove crowdsecurity/sshd- ++++ if cmd.Name() == "inspect" || cmd.Name() == "list" { ++++ return ++++ } ++++- log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.") +++++ log.Infof("Run 'sudo systemctl restart crowdsec' for the new configuration to be effective.") ++++ }, ++++ } ++++ ++++--- a/cmd/crowdsec-cli/postoverflows.go +++++++ b/cmd/crowdsec-cli/postoverflows.go ++++@@ -34,7 +34,7 @@ func NewPostOverflowsCmd() *cobra.Comman ++++ if cmd.Name() == "inspect" || cmd.Name() == "list" { ++++ return ++++ } ++++- log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.") +++++ log.Infof("Run 'sudo systemctl restart crowdsec' for the new configuration to be effective.") ++++ }, ++++ } ++++ ++++--- a/cmd/crowdsec-cli/scenarios.go +++++++ b/cmd/crowdsec-cli/scenarios.go ++++@@ -35,7 +35,7 @@ cscli scenarios remove crowdsecurity/ssh ++++ if cmd.Name() == "inspect" || cmd.Name() == "list" { ++++ return ++++ } ++++- log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.") +++++ log.Infof("Run 'sudo systemctl restart crowdsec' for the new configuration to be effective.") ++++ }, ++++ } ++++ ++++--- a/cmd/crowdsec-cli/simulation.go +++++++ b/cmd/crowdsec-cli/simulation.go ++++@@ -112,7 +112,7 @@ cscli simulation disable crowdsecurity/s ++++ }, ++++ PersistentPostRun: func(cmd *cobra.Command, args []string) { ++++ if cmd.Name() != "status" { ++++- log.Infof("Run 'sudo systemctl reload crowdsec' for the new configuration to be effective.") +++++ log.Infof("Run 'sudo systemctl restart crowdsec' for the new configuration to be effective.") ++++ } ++++ }, ++++ } diff --cc debian/patches/0007-automatically-enable-online-hub.patch index 0000000,0000000,0000000,0000000..04dd501 new file mode 100644 --- /dev/null 
+++ b/debian/patches/0007-automatically-enable-online-hub.patch
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,38 @@@@@
++++From: Cyril Brulebois
++++Date: Mon, 01 Mar 2021 20:40:04 +0000
++++Subject: Automatically enable the online hub
++++
++++By default, crowdsec comes with an offline copy of the hub (see
++++README.Debian). When running `cscli hub update`, ensure switching from
++++this offline copy to the online hub.
++++
++++To ensure cscli doesn't disable anything that was configured (due to
++++symlinks from /etc/crowdsec becoming dangling all of a sudden), copy the
++++offline hub in the live directory (/var/lib/crowdsec/hub), and let
++++further operations (`cscli hub upgrade`, or `cscli install`)
++++update the live directory as required.
++++
++++Signed-off-by: Cyril Brulebois
++++--- a/cmd/crowdsec-cli/hub.go
+++++++ b/cmd/crowdsec-cli/hub.go
++++@@ -2,6 +2,7 @@ package main
++++
++++ import (
++++ "fmt"
+++++ "os/exec"
++++
++++ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
++++
++++@@ -77,6 +78,12 @@ Fetches the [.index.json](https://github
++++ return nil
++++ },
++++ Run: func(cmd *cobra.Command, args []string) {
+++++ /* Make sure to move away from the offline hub (see README.Debian) */
+++++ command := exec.Command("/var/lib/dpkg/info/crowdsec.postinst", "enable-online-hub")
+++++ if err := command.Run(); err != nil {
+++++ log.Printf("Enabling Online Hub failed with error: %v", err)
+++++ }
+++++
++++ if err := cwhub.UpdateHubIdx(csConfig.Cscli); err != nil {
++++ log.Fatalf("Failed to get Hub index : %v", err)
++++ }
diff --cc debian/patches/0008-hub-disable-broken-scenario.patch
index 0000000,0000000,0000000,0000000..1365300
new file mode 100644
--- /dev/null
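Review bot: The added `exec.Command("/var/lib/dpkg/info/crowdsec.postinst", "enable-online-hub")` call discards the script's output and treats failure as non-fatal, so `cscli hub update` goes on to `cwhub.UpdateHubIdx` even when the move away from the offline hub did not happen. According to the patch description that is the situation in which configured items may end up disabled, yet the log line carries only the exit error. Using `out, err := command.CombinedOutput()` and logging `out` next to `err` would make a failed run diagnosable, for example when cscli is invoked without the privileges the maintainer script needs. A comment at the call stating that the script path belongs to dpkg's info directory and runs with the caller's privileges would also help later reviewers. The enclosing `Run` function continues outside the hunk.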
+++ b/debian/patches/0008-hub-disable-broken-scenario.patch @@@@@ -1,0 -1,0 -1,0 -1,0 +1,65 @@@@@ ++++From e601f44760ce6310ca4df3904c96883edf80d366 Mon Sep 17 00:00:00 2001 ++++From: "Thibault \"bui\" Koechlin" ++++Date: Fri, 12 Mar 2021 16:01:53 +0100 ++++Subject: [PATCH] remove broken scenario `ban-report-ssh_bf_report` (#181) ++++ ++++* remove broken scenario ++++ ++++* Update index ++++ ++++Co-authored-by: GitHub Action ++++--- ++++ .index.json | 21 ------------------- ++++ .../crowdsecurity/ban-report-ssh_bf_report.md | 1 - ++++ .../ban-report-ssh_bf_report.yaml | 10 --------- ++++ 3 files changed, 32 deletions(-) ++++ delete mode 100644 scenarios/crowdsecurity/ban-report-ssh_bf_report.md ++++ delete mode 100644 scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml ++++ ++++--- a/hub1/.index.json +++++++ b/hub1/.index.json ++++@@ -732,27 +732,6 @@ ++++ "remediation": "true" ++++ } ++++ }, ++++- "crowdsecurity/ban-report-ssh_bf_report": { ++++- "path": "scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml", ++++- "version": "0.2", ++++- "versions": { ++++- "0.1": { ++++- "digest": "0a7bc501a12b4a8aff250d95d3a08dd0f53ad9eb874ac523ba9c628302749c4d", ++++- "deprecated": false ++++- }, ++++- "0.2": { ++++- "digest": "34d80ea3e271c1c1735e55076610063b137a2311a11d51fecff93715b9a4ac39", ++++- "deprecated": false ++++- } ++++- }, ++++- "long_description": "Q291bnQgdGhlIG51bWJlciBvZiB1bmlxdWUgaXBzIHRoYXQgcGVyZm9ybWVkIHNzaF9icnV0ZWZvcmNlcywgcmVwb3J0IGV2ZXJ5IDEwIG1pbnV0ZXMuCg==", ++++- "content": "dHlwZTogY291bnRlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2Jhbi1yZXBvcnRzLXNzaF9iZl9yZXBvcnQKZGVzY3JpcHRpb246ICJDb3VudCB1bmlxdWUgaXBzIHBlcmZvcm1pbmcgc3NoIGJydXRlZm9yY2UiCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU2NlbmFyaW8gPT0gJ3NzaF9icnV0ZWZvcmNlJyIKZGlzdGluY3Q6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQIgpjYXBhY2l0eTogLTEKZHVyYXRpb246IDEwbQpsYWJlbHM6CiAgc2VydmljZTogc3NoCg==", ++++- "description": "Count unique ips performing ssh bruteforce", ++++- "author": "crowdsecurity", 
++++- "labels": { ++++- "service": "ssh" ++++- } ++++- }, ++++ "crowdsecurity/dovecot-spam": { ++++ "path": "scenarios/crowdsecurity/dovecot-spam.yaml", ++++ "version": "0.1", ++++--- a/hub1/scenarios/crowdsecurity/ban-report-ssh_bf_report.md +++++++ /dev/null ++++@@ -1 +0,0 @@ ++++-Count the number of unique ips that performed ssh_bruteforces, report every 10 minutes. ++++--- a/hub1/scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml +++++++ /dev/null ++++@@ -1,10 +0,0 @@ ++++-type: counter ++++-name: crowdsecurity/ban-reports-ssh_bf_report ++++-description: "Count unique ips performing ssh bruteforce" ++++-#debug: true ++++-filter: "evt.Overflow.Alert.Scenario == 'ssh_bruteforce'" ++++-distinct: "evt.Overflow.Alert.Source.IP" ++++-capacity: -1 ++++-duration: 10m ++++-labels: ++++- service: ssh diff --cc debian/patches/0009-Improve-http-bad-user-agent-use-regexp-197.patch index 0000000,0000000,0000000,0000000..6578e26 new file mode 100644 --- /dev/null 
+++ b/debian/patches/0009-Improve-http-bad-user-agent-use-regexp-197.patch @@@@@ -1,0 -1,0 -1,0 -1,0 +1,71 @@@@@ ++++From 7a50abdef0e723508b3fbbc41430d80ae93625b1 Mon Sep 17 00:00:00 2001 ++++From: "Thibault \"bui\" Koechlin" ++++Date: Thu, 22 Apr 2021 11:08:16 +0200 ++++Subject: [PATCH] Improve http bad user agent : use regexp (#197) ++++ ++++* switch to regexp with word boundaries to avoid false positives when a legit user agent contains a bad one ++++ ++++Co-authored-by: GitHub Action ++++--- ++++ .index.json | 8 ++++++-- ++++ .../.tests/http-bad-user-agent/bucket_results.yaml | 2 +- ++++ scenarios/crowdsecurity/http-bad-user-agent.yaml | 2 +- ++++ 3 files changed, 8 insertions(+), 4 deletions(-) ++++ ++++diff --git a/.index.json b/.index.json ++++index da76124..4119b7b 100644 ++++--- a/hub1/.index.json +++++++ b/hub1/.index.json ++++@@ -895,7 +895,7 @@ ++++ }, ++++ "crowdsecurity/http-bad-user-agent": { ++++ "path": "scenarios/crowdsecurity/http-bad-user-agent.yaml", ++++- "version": "0.3", +++++ "version": "0.4", ++++ "versions": { ++++ "0.1": { ++++ "digest": "46e7058419bc3086f2919fb9afad6b2e85f0d4764f74153dd336ed491f99fa08", ++++@@ -908,10 +908,14 @@ ++++ "0.3": { ++++ "digest": "d3cae6c40fadd16693e449b4eb7a030586c8f1a9d9dd33c97001c9dc717c68f2", ++++ "deprecated": false +++++ }, +++++ "0.4": { +++++ "digest": "8dd16e9de043f47f026d2e3c1b53ad4bbc6dd8f8aac3adaf26a7f4bd2bb6e6fd", +++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "IyBLbm93biBiYWQgdXNlci1hZ2VudHMKCkRldGVjdCBrbm93biBiYWQgdXNlci1hZ2VudHMuCgpCYW5zIGFmdGVyIHR3byByZXF1ZXN0cy4KCgoKCgo=", ++++- "content": 
"dHlwZTogbGVha3kKZm9ybWF0OiAyLjAKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1iYWQtdXNlci1hZ2VudApkZXNjcmlwdGlvbjogIkRldGVjdCBiYWQgdXNlci1hZ2VudHMiCmZpbHRlcjogJ2V2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gJiYgYW55KEZpbGUoImJhZF91c2VyX2FnZW50cy50eHQiKSwge2V2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50IGNvbnRhaW5zICN9KScKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL2JhZF91c2VyX2FnZW50cy50eHQKICAgIGRlc3RfZmlsZTogYmFkX3VzZXJfYWdlbnRzLnR4dAogICAgdHlwZTogc3RyaW5nCmNhcGFjaXR5OiAxCmxlYWtzcGVlZDogMW0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogc2NhbgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", +++++ "content": "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", ++++ "description": "Detect bad user-agents", ++++ "author": "crowdsecurity", ++++ "labels": { ++++diff --git a/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml b/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml ++++index 709526b..578f91b 100644 ++++--- a/hub1/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml +++++++ b/hub1/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml ++++@@ -1,6 +1,6 @@ ++++ - Type: 1 ++++ Alert: ++++- MapKey: 25fa9229bd06e973b3e656d1cc9b0a093cb779d1 +++++ MapKey: 726dc5f15649d6ffac5a8aff8d85f2427775c823 ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++diff --git a/scenarios/crowdsecurity/http-bad-user-agent.yaml b/scenarios/crowdsecurity/http-bad-user-agent.yaml ++++index 6c7baf3..0069956 100644 ++++--- a/hub1/scenarios/crowdsecurity/http-bad-user-agent.yaml +++++++ b/hub1/scenarios/crowdsecurity/http-bad-user-agent.yaml ++++@@ -3,7 +3,7 @@ format: 2.0 ++++ #debug: true ++++ name: crowdsecurity/http-bad-user-agent ++++ description: "Detect bad user-agents" ++++-filter: 'evt.Meta.log_type in ["http_access-log", "http_error-log"] && any(File("bad_user_agents.txt"), 
{evt.Parsed.http_user_agent contains #})' +++++filter: 'evt.Meta.log_type in ["http_access-log", "http_error-log"] && any(File("bad_user_agents.txt"), {evt.Parsed.http_user_agent matches "\\b"+#+"\\b"})' ++++ data: ++++ - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/web/bad_user_agents.txt ++++ dest_file: bad_user_agents.txt ++++-- ++++2.30.2 ++++ diff --cc debian/patches/0010-5ae69aa293-fix-stacktrace-when-mmdb-files-are-not-present.patch index 0000000,0000000,0000000,0000000..8b867fa new file mode 100644 --- /dev/null 
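Review bot: The new filter `evt.Parsed.http_user_agent matches "\\b"+#+"\\b"` places every line of bad_user_agents.txt inside a regular expression without escaping it. An entry containing metacharacters such as `.`, `(`, `+` or `?` would match more than its literal text or fail to compile. `\b` only anchors next to a word character, so entries that begin or end with punctuation may stop matching at all. The list is not part of this hunk, so whether such entries exist has to be checked against the shipped data*/bad_user_agents.txt. I would add a comment above the filter, `# entries of bad_user_agents.txt are interpreted as regular expressions between \b anchors`, and confirm the packaged list is regex-safe before relying on this scenario for bans.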
+++ b/debian/patches/0010-5ae69aa293-fix-stacktrace-when-mmdb-files-are-not-present.patch @@@@@ -1,0 -1,0 -1,0 -1,0 +1,555 @@@@@ ++++From 6365cf98fb894a716685b761ed678d90232a987a Mon Sep 17 00:00:00 2001 ++++From: AlteredCoder <64792091+AlteredCoder@users.noreply.github.com> ++++Date: Thu, 9 Sep 2021 16:27:30 +0200 ++++Subject: [PATCH] fix stacktrace when mmdb file are not present (#935) ++++ ++++* fix stacktrace when mmdb file are not present ++++--- ++++ pkg/exprhelpers/visitor.go | 2 +- ++++ pkg/parser/enrich.go | 122 ++++++++++++++----------------------- ++++ pkg/parser/enrich_date.go | 70 +++++++++++++++++++++ ++++ pkg/parser/enrich_dns.go | 4 ++ ++++ pkg/parser/enrich_geoip.go | 39 ++++++------ ++++ pkg/parser/node.go | 17 ++---- ++++ pkg/parser/node_test.go | 4 +- ++++ pkg/parser/parsing_test.go | 8 +-- ++++ pkg/parser/runtime.go | 37 ++++++----- ++++ pkg/parser/stage.go | 2 +- ++++ pkg/parser/unix_parser.go | 2 +- ++++ 11 files changed, 171 insertions(+), 136 deletions(-) ++++ create mode 100644 pkg/parser/enrich_date.go ++++ ++++diff --git a/pkg/exprhelpers/visitor.go b/pkg/exprhelpers/visitor.go ++++index 86bea79..7a65c06 100644 ++++--- a/pkg/exprhelpers/visitor.go +++++++ b/pkg/exprhelpers/visitor.go ++++@@ -124,7 +124,7 @@ func (e *ExprDebugger) Run(logger *logrus.Entry, filterResult bool, exprEnv map[ ++++ if err != nil { ++++ logger.Errorf("unable to print debug expression for '%s': %s", expression.Str, err) ++++ } ++++- logger.Debugf(" %s = '%s'", expression.Str, debug) +++++ logger.Debugf(" %s = '%v'", expression.Str, debug) ++++ } ++++ } ++++ ++++diff --git a/pkg/parser/enrich.go b/pkg/parser/enrich.go ++++index 4aa8a34..43331c6 100644 ++++--- a/pkg/parser/enrich.go +++++++ b/pkg/parser/enrich.go ++++@@ -1,9 +1,6 @@ ++++ package parser ++++ ++++ import ( ++++- "plugin" ++++- "time" ++++- ++++ "github.com/crowdsecurity/crowdsec/pkg/types" ++++ log "github.com/sirupsen/logrus" ++++ ) ++++@@ -13,87 +10,62 @@ type EnrichFunc func(string, *types.Event, 
interface{}) (map[string]string, erro ++++ type InitFunc func(map[string]string) (interface{}, error) ++++ ++++ type EnricherCtx struct { ++++- Funcs map[string]EnrichFunc ++++- Init InitFunc ++++- Plugin *plugin.Plugin //pointer to the actual plugin +++++ Registered map[string]*Enricher +++++} +++++ +++++type Enricher struct { ++++ Name string ++++- Path string //path to .so ? ++++- RuntimeCtx interface{} //the internal context of plugin, given back over every call ++++- initiated bool +++++ InitFunc InitFunc +++++ EnrichFunc EnrichFunc +++++ Ctx interface{} ++++ } ++++ ++++ /* mimic plugin loading */ ++++-// TODO fix this shit with real plugin loading ++++-func Loadplugin(path string) ([]EnricherCtx, error) { ++++- var err error +++++func Loadplugin(path string) (EnricherCtx, error) { +++++ enricherCtx := EnricherCtx{} +++++ enricherCtx.Registered = make(map[string]*Enricher) ++++ ++++- c := EnricherCtx{} ++++- c.Name = path ++++- c.Path = path ++++- /* we don't want to deal with plugin loading for now :p */ ++++- c.Funcs = map[string]EnrichFunc{ ++++- "GeoIpASN": GeoIpASN, ++++- "GeoIpCity": GeoIpCity, ++++- "reverse_dns": reverse_dns, ++++- "ParseDate": ParseDate, ++++- "IpToRange": IpToRange, ++++- } ++++- c.Init = GeoIpInit +++++ enricherConfig := map[string]string{"datadir": path} ++++ ++++- c.RuntimeCtx, err = c.Init(map[string]string{"datadir": path}) ++++- if err != nil { ++++- log.Warningf("load (fake) plugin load : %v", err) ++++- c.initiated = false +++++ EnrichersList := []*Enricher{ +++++ { +++++ Name: "GeoIpCity", +++++ InitFunc: GeoIPCityInit, +++++ EnrichFunc: GeoIpCity, +++++ }, +++++ { +++++ Name: "GeoIpASN", +++++ InitFunc: GeoIPASNInit, +++++ EnrichFunc: GeoIpASN, +++++ }, +++++ { +++++ Name: "IpToRange", +++++ InitFunc: IpToRangeInit, +++++ EnrichFunc: IpToRange, +++++ }, +++++ { +++++ Name: "reverse_dns", +++++ InitFunc: reverseDNSInit, +++++ EnrichFunc: reverse_dns, +++++ }, +++++ { +++++ Name: "ParseDate", +++++ InitFunc: parseDateInit, 
+++++ EnrichFunc: ParseDate, +++++ }, ++++ } ++++- c.initiated = true ++++- return []EnricherCtx{c}, nil ++++-} ++++ ++++-func GenDateParse(date string) (string, time.Time) { ++++- var retstr string ++++- var layouts = [...]string{ ++++- time.RFC3339, ++++- "02/Jan/2006:15:04:05 -0700", ++++- "Mon Jan 2 15:04:05 2006", ++++- "02-Jan-2006 15:04:05 europe/paris", ++++- "01/02/2006 15:04:05", ++++- "2006-01-02 15:04:05.999999999 -0700 MST", ++++- //Jan 5 06:25:11 ++++- "Jan 2 15:04:05", ++++- "Mon Jan 02 15:04:05.000000 2006", ++++- "2006-01-02T15:04:05Z07:00", ++++- "2006/01/02", ++++- "2006/01/02 15:04", ++++- "2006-01-02", ++++- "2006-01-02 15:04", ++++- } ++++- ++++- for _, dateFormat := range layouts { ++++- t, err := time.Parse(dateFormat, date) ++++- if err == nil && !t.IsZero() { ++++- //if the year isn't set, set it to current date :) ++++- if t.Year() == 0 { ++++- t = t.AddDate(time.Now().Year(), 0, 0) ++++- } ++++- retstr, err := t.MarshalText() ++++- if err != nil { ++++- log.Warningf("Failed marshaling '%v'", t) ++++- continue ++++- } ++++- return string(retstr), t +++++ for _, enricher := range EnrichersList { +++++ log.Debugf("Initiating enricher '%s'", enricher.Name) +++++ pluginCtx, err := enricher.InitFunc(enricherConfig) +++++ if err != nil { +++++ log.Errorf("unable to register plugin '%s': %v", enricher.Name, err) +++++ continue ++++ } +++++ enricher.Ctx = pluginCtx +++++ log.Infof("Successfully registered enricher '%s'", enricher.Name) +++++ enricherCtx.Registered[enricher.Name] = enricher ++++ } ++++- return retstr, time.Time{} ++++-} ++++- ++++-func ParseDate(in string, p *types.Event, x interface{}) (map[string]string, error) { ++++ ++++- var ret map[string]string = make(map[string]string) ++++- ++++- tstr, tbin := GenDateParse(in) ++++- if !tbin.IsZero() { ++++- ret["MarshaledTime"] = string(tstr) ++++- return ret, nil ++++- } ++++- return nil, nil +++++ return enricherCtx, nil ++++ } ++++diff --git a/pkg/parser/enrich_date.go 
b/pkg/parser/enrich_date.go ++++new file mode 100644 ++++index 0000000..bc3b946 ++++--- /dev/null +++++++ b/pkg/parser/enrich_date.go ++++@@ -0,0 +1,70 @@ +++++package parser +++++ +++++import ( +++++ "time" +++++ +++++ "github.com/crowdsecurity/crowdsec/pkg/types" +++++ log "github.com/sirupsen/logrus" +++++) +++++ +++++func GenDateParse(date string) (string, time.Time) { +++++ var ( +++++ layouts = [...]string{ +++++ time.RFC3339, +++++ "02/Jan/2006:15:04:05 -0700", +++++ "Mon Jan 2 15:04:05 2006", +++++ "02-Jan-2006 15:04:05 europe/paris", +++++ "01/02/2006 15:04:05", +++++ "2006-01-02 15:04:05.999999999 -0700 MST", +++++ "Jan 2 15:04:05", +++++ "Mon Jan 02 15:04:05.000000 2006", +++++ "2006-01-02T15:04:05Z07:00", +++++ "2006/01/02", +++++ "2006/01/02 15:04", +++++ "2006-01-02", +++++ "2006-01-02 15:04", +++++ "2006/01/02 15:04:05", +++++ "2006-01-02 15:04:05", +++++ } +++++ ) +++++ +++++ for _, dateFormat := range layouts { +++++ t, err := time.Parse(dateFormat, date) +++++ if err == nil && !t.IsZero() { +++++ //if the year isn't set, set it to current date :) +++++ if t.Year() == 0 { +++++ t = t.AddDate(time.Now().Year(), 0, 0) +++++ } +++++ retstr, err := t.MarshalText() +++++ if err != nil { +++++ log.Warningf("Failed marshaling '%v'", t) +++++ continue +++++ } +++++ return string(retstr), t +++++ } +++++ } +++++ +++++ now := time.Now() +++++ retstr, err := now.MarshalText() +++++ if err != nil { +++++ log.Warningf("Failed marshaling current time") +++++ return "", time.Time{} +++++ } +++++ return string(retstr), now +++++} +++++ +++++func ParseDate(in string, p *types.Event, x interface{}) (map[string]string, error) { +++++ +++++ var ret map[string]string = make(map[string]string) +++++ tstr, tbin := GenDateParse(in) +++++ if !tbin.IsZero() { +++++ ret["MarshaledTime"] = string(tstr) +++++ return ret, nil +++++ } +++++ +++++ return nil, nil +++++} +++++ +++++func parseDateInit(cfg map[string]string) (interface{}, error) { +++++ return nil, nil +++++} 
++++diff --git a/pkg/parser/enrich_dns.go b/pkg/parser/enrich_dns.go ++++index 86944a7..d568a00 100644 ++++--- a/pkg/parser/enrich_dns.go +++++++ b/pkg/parser/enrich_dns.go ++++@@ -25,3 +25,7 @@ func reverse_dns(field string, p *types.Event, ctx interface{}) (map[string]stri ++++ ret["reverse_dns"] = rets[0] ++++ return ret, nil ++++ } +++++ +++++func reverseDNSInit(cfg map[string]string) (interface{}, error) { +++++ return nil, nil +++++} ++++diff --git a/pkg/parser/enrich_geoip.go b/pkg/parser/enrich_geoip.go ++++index c07fead..7a33e0b 100644 ++++--- a/pkg/parser/enrich_geoip.go +++++++ b/pkg/parser/enrich_geoip.go ++++@@ -13,15 +13,6 @@ import ( ++++ //"github.com/crowdsecurity/crowdsec/pkg/parser" ++++ ) ++++ ++++-type GeoIpEnricherCtx struct { ++++- dbc *geoip2.Reader ++++- dba *geoip2.Reader ++++- dbraw *maxminddb.Reader ++++-} ++++- ++++-/* All plugins must export a list of function pointers for exported symbols */ ++++-var ExportedFuncs = []string{"GeoIpASN", "GeoIpCity"} ++++- ++++ func IpToRange(field string, p *types.Event, ctx interface{}) (map[string]string, error) { ++++ var dummy interface{} ++++ ret := make(map[string]string) ++++@@ -34,7 +25,7 @@ func IpToRange(field string, p *types.Event, ctx interface{}) (map[string]string ++++ log.Infof("Can't parse ip %s, no range enrich", field) ++++ return nil, nil ++++ } ++++- net, ok, err := ctx.(GeoIpEnricherCtx).dbraw.LookupNetwork(ip, &dummy) +++++ net, ok, err := ctx.(*maxminddb.Reader).LookupNetwork(ip, &dummy) ++++ if err != nil { ++++ log.Errorf("Failed to fetch network for %s : %v", ip.String(), err) ++++ return nil, nil ++++@@ -58,14 +49,16 @@ func GeoIpASN(field string, p *types.Event, ctx interface{}) (map[string]string, ++++ log.Infof("Can't parse ip %s, no ASN enrich", ip) ++++ return nil, nil ++++ } ++++- record, err := ctx.(GeoIpEnricherCtx).dba.ASN(ip) +++++ record, err := ctx.(*geoip2.Reader).ASN(ip) ++++ if err != nil { ++++ log.Errorf("Unable to enrich ip '%s'", field) ++++ return nil, 
nil ++++ } ++++ ret["ASNNumber"] = fmt.Sprintf("%d", record.AutonomousSystemNumber) ++++ ret["ASNOrg"] = record.AutonomousSystemOrganization +++++ ++++ log.Tracef("geoip ASN %s -> %s, %s", field, ret["ASNNumber"], ret["ASNOrg"]) +++++ ++++ return ret, nil ++++ } ++++ ++++@@ -79,7 +72,7 @@ func GeoIpCity(field string, p *types.Event, ctx interface{}) (map[string]string ++++ log.Infof("Can't parse ip %s, no City enrich", ip) ++++ return nil, nil ++++ } ++++- record, err := ctx.(GeoIpEnricherCtx).dbc.City(ip) +++++ record, err := ctx.(*geoip2.Reader).City(ip) ++++ if err != nil { ++++ log.Debugf("Unable to enrich ip '%s'", ip) ++++ return nil, nil ++++@@ -94,26 +87,32 @@ func GeoIpCity(field string, p *types.Event, ctx interface{}) (map[string]string ++++ return ret, nil ++++ } ++++ ++++-/* All plugins must export an Init function */ ++++-func GeoIpInit(cfg map[string]string) (interface{}, error) { ++++- var ctx GeoIpEnricherCtx ++++- var err error ++++- ctx.dbc, err = geoip2.Open(cfg["datadir"] + "/GeoLite2-City.mmdb") +++++func GeoIPCityInit(cfg map[string]string) (interface{}, error) { +++++ dbCityReader, err := geoip2.Open(cfg["datadir"] + "/GeoLite2-City.mmdb") ++++ if err != nil { ++++ log.Debugf("couldn't open geoip : %v", err) ++++ return nil, err ++++ } ++++- ctx.dba, err = geoip2.Open(cfg["datadir"] + "/GeoLite2-ASN.mmdb") +++++ +++++ return dbCityReader, nil +++++} +++++ +++++func GeoIPASNInit(cfg map[string]string) (interface{}, error) { +++++ dbASReader, err := geoip2.Open(cfg["datadir"] + "/GeoLite2-ASN.mmdb") ++++ if err != nil { ++++ log.Debugf("couldn't open geoip : %v", err) ++++ return nil, err ++++ } ++++ ++++- ctx.dbraw, err = maxminddb.Open(cfg["datadir"] + "/GeoLite2-ASN.mmdb") +++++ return dbASReader, nil +++++} +++++ +++++func IpToRangeInit(cfg map[string]string) (interface{}, error) { +++++ ipToRangeReader, err := maxminddb.Open(cfg["datadir"] + "/GeoLite2-ASN.mmdb") ++++ if err != nil { ++++ log.Debugf("couldn't open geoip : %v", err) ++++ 
return nil, err ++++ } ++++ ++++- return ctx, nil +++++ return ipToRangeReader, nil ++++ } ++++diff --git a/pkg/parser/node.go b/pkg/parser/node.go ++++index 0593907..5d3d345 100644 ++++--- a/pkg/parser/node.go +++++++ b/pkg/parser/node.go ++++@@ -44,7 +44,7 @@ type Node struct { ++++ //If node has leafs, execute all of them until one asks for a 'break' ++++ LeavesNodes []Node `yaml:"nodes,omitempty"` ++++ //Flag used to describe when to 'break' or return an 'error' ++++- EnrichFunctions []EnricherCtx +++++ EnrichFunctions EnricherCtx ++++ ++++ /* If the node is actually a leaf, it can have : grok, enrich, statics */ ++++ //pattern_syntax are named grok patterns that are re-utilised over several grok patterns ++++@@ -58,7 +58,7 @@ type Node struct { ++++ Data []*types.DataSource `yaml:"data,omitempty"` ++++ } ++++ ++++-func (n *Node) validate(pctx *UnixParserCtx, ectx []EnricherCtx) error { +++++func (n *Node) validate(pctx *UnixParserCtx, ectx EnricherCtx) error { ++++ ++++ //stage is being set automagically ++++ if n.Stage == "" { ++++@@ -87,15 +87,8 @@ func (n *Node) validate(pctx *UnixParserCtx, ectx []EnricherCtx) error { ++++ if static.ExpValue == "" { ++++ return fmt.Errorf("static %d : when method is set, expression must be present", idx) ++++ } ++++- method_found := false ++++- for _, enricherCtx := range ectx { ++++- if _, ok := enricherCtx.Funcs[static.Method]; ok && enricherCtx.initiated { ++++- method_found = true ++++- break ++++- } ++++- } ++++- if !method_found { ++++- return fmt.Errorf("the method '%s' doesn't exist or the plugin has not been initialized", static.Method) +++++ if _, ok := ectx.Registered[static.Method]; !ok { +++++ log.Warningf("the method '%s' doesn't exist or the plugin has not been initialized", static.Method) ++++ } ++++ } else { ++++ if static.Meta == "" && static.Parsed == "" && static.TargetByName == "" { ++++@@ -350,7 +343,7 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx) (bool, error) { ++++ return NodeState, 
nil ++++ } ++++ ++++-func (n *Node) compile(pctx *UnixParserCtx, ectx []EnricherCtx) error { +++++func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error { ++++ var err error ++++ var valid bool ++++ ++++diff --git a/pkg/parser/node_test.go b/pkg/parser/node_test.go ++++index 4724fc7..f8fdea1 100644 ++++--- a/pkg/parser/node_test.go +++++++ b/pkg/parser/node_test.go ++++@@ -41,7 +41,7 @@ func TestParserConfigs(t *testing.T) { ++++ //{&Node{Debug: true, Grok: []GrokPattern{ GrokPattern{}, }}, false}, ++++ } ++++ for idx := range CfgTests { ++++- err := CfgTests[idx].NodeCfg.compile(pctx, []EnricherCtx{}) +++++ err := CfgTests[idx].NodeCfg.compile(pctx, EnricherCtx{}) ++++ if CfgTests[idx].Compiles == true && err != nil { ++++ t.Fatalf("Compile: (%d/%d) expected valid, got : %s", idx+1, len(CfgTests), err) ++++ } ++++@@ -49,7 +49,7 @@ func TestParserConfigs(t *testing.T) { ++++ t.Fatalf("Compile: (%d/%d) expected errror", idx+1, len(CfgTests)) ++++ } ++++ ++++- err = CfgTests[idx].NodeCfg.validate(pctx, []EnricherCtx{}) +++++ err = CfgTests[idx].NodeCfg.validate(pctx, EnricherCtx{}) ++++ if CfgTests[idx].Valid == true && err != nil { ++++ t.Fatalf("Valid: (%d/%d) expected valid, got : %s", idx+1, len(CfgTests), err) ++++ } ++++diff --git a/pkg/parser/parsing_test.go b/pkg/parser/parsing_test.go ++++index 2a57b3a..bcf3919 100644 ++++--- a/pkg/parser/parsing_test.go +++++++ b/pkg/parser/parsing_test.go ++++@@ -89,7 +89,7 @@ func BenchmarkParser(t *testing.B) { ++++ } ++++ } ++++ ++++-func testOneParser(pctx *UnixParserCtx, ectx []EnricherCtx, dir string, b *testing.B) error { +++++func testOneParser(pctx *UnixParserCtx, ectx EnricherCtx, dir string, b *testing.B) error { ++++ ++++ var ( ++++ err error ++++@@ -139,11 +139,11 @@ func testOneParser(pctx *UnixParserCtx, ectx []EnricherCtx, dir string, b *testi ++++ } ++++ ++++ //prepTests is going to do the initialisation of parser : it's going to load enrichment plugins and load the patterns. 
This is done here so that we don't redo it for each test ++++-func prepTests() (*UnixParserCtx, []EnricherCtx, error) { +++++func prepTests() (*UnixParserCtx, EnricherCtx, error) { ++++ var ( ++++ err error ++++ pctx *UnixParserCtx ++++- ectx []EnricherCtx +++++ ectx EnricherCtx ++++ ) ++++ ++++ err = exprhelpers.Init() ++++@@ -166,7 +166,7 @@ func prepTests() (*UnixParserCtx, []EnricherCtx, error) { ++++ // Init the parser ++++ pctx, err = Init(map[string]interface{}{"patterns": cfgdir + string("/patterns/"), "data": "./tests/"}) ++++ if err != nil { ++++- return nil, nil, fmt.Errorf("failed to initialize parser : %v", err) +++++ return nil, ectx, fmt.Errorf("failed to initialize parser : %v", err) ++++ } ++++ return pctx, ectx, nil ++++ } ++++diff --git a/pkg/parser/runtime.go b/pkg/parser/runtime.go ++++index a701ff2..2ce3059 100644 ++++--- a/pkg/parser/runtime.go +++++++ b/pkg/parser/runtime.go ++++@@ -140,29 +140,26 @@ func (n *Node) ProcessStatics(statics []types.ExtraField, event *types.Event) er ++++ if static.Method != "" { ++++ processed := false ++++ /*still way too hackish, but : inject all the results in enriched, and */ ++++- for _, x := range n.EnrichFunctions { ++++- if fptr, ok := x.Funcs[static.Method]; ok && x.initiated { ++++- clog.Tracef("Found method '%s'", static.Method) ++++- ret, err := fptr(value, event, x.RuntimeCtx) ++++- if err != nil { ++++- clog.Fatalf("plugin function error : %v", err) ++++- } ++++- processed = true ++++- clog.Debugf("+ Method %s('%s') returned %d entries to merge in .Enriched\n", static.Method, value, len(ret)) ++++- if len(ret) == 0 { ++++- clog.Debugf("+ Method '%s' empty response on '%s'", static.Method, value) ++++- } ++++- for k, v := range ret { ++++- clog.Debugf("\t.Enriched[%s] = '%s'\n", k, v) ++++- event.Enriched[k] = v ++++- } ++++- break ++++- } else { ++++- clog.Warningf("method '%s' doesn't exist or plugin not initialized", static.Method) +++++ if enricherPlugin, ok := 
n.EnrichFunctions.Registered[static.Method]; ok { +++++ clog.Tracef("Found method '%s'", static.Method) +++++ ret, err := enricherPlugin.EnrichFunc(value, event, enricherPlugin.Ctx) +++++ if err != nil { +++++ clog.Errorf("method '%s' returned an error : %v", static.Method, err) ++++ } +++++ processed = true +++++ clog.Debugf("+ Method %s('%s') returned %d entries to merge in .Enriched\n", static.Method, value, len(ret)) +++++ if len(ret) == 0 { +++++ clog.Debugf("+ Method '%s' empty response on '%s'", static.Method, value) +++++ } +++++ for k, v := range ret { +++++ clog.Debugf("\t.Enriched[%s] = '%s'\n", k, v) +++++ event.Enriched[k] = v +++++ } +++++ } else { +++++ clog.Debugf("method '%s' doesn't exist or plugin not initialized", static.Method) ++++ } ++++ if !processed { ++++- clog.Warningf("method '%s' doesn't exist", static.Method) +++++ clog.Debugf("method '%s' doesn't exist", static.Method) ++++ } ++++ } else if static.Parsed != "" { ++++ clog.Debugf(".Parsed[%s] = '%s'", static.Parsed, value) ++++diff --git a/pkg/parser/stage.go b/pkg/parser/stage.go ++++index a5635b4..fe1e2d4 100644 ++++--- a/pkg/parser/stage.go +++++++ b/pkg/parser/stage.go ++++@@ -37,7 +37,7 @@ type Stagefile struct { ++++ Stage string `yaml:"stage"` ++++ } ++++ ++++-func LoadStages(stageFiles []Stagefile, pctx *UnixParserCtx, ectx []EnricherCtx) ([]Node, error) { +++++func LoadStages(stageFiles []Stagefile, pctx *UnixParserCtx, ectx EnricherCtx) ([]Node, error) { ++++ var nodes []Node ++++ tmpstages := make(map[string]bool) ++++ pctx.Stages = []string{} ++++diff --git a/pkg/parser/unix_parser.go b/pkg/parser/unix_parser.go ++++index c21d4ed..892c2f3 100644 ++++--- a/pkg/parser/unix_parser.go +++++++ b/pkg/parser/unix_parser.go ++++@@ -24,7 +24,7 @@ type Parsers struct { ++++ PovfwStageFiles []Stagefile ++++ Nodes []Node ++++ Povfwnodes []Node ++++- EnricherCtx []EnricherCtx +++++ EnricherCtx EnricherCtx ++++ } ++++ ++++ func Init(c map[string]interface{}) (*UnixParserCtx, error) { 
++++-- ++++2.30.2 ++++ diff --cc debian/patches/0011-4dbbd4b3c4-automatically-download-files-when-needed.patch index 0000000,0000000,0000000,0000000..a19877c new file mode 100644 --- /dev/null 
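Review bot: The new fallback at the end of `GenDateParse` in pkg/parser/enrich_date.go returns `time.Now()` whenever none of the layouts matches, and it does so without logging anything. `ParseDate` therefore sets `MarshaledTime` to the processing time for any line whose timestamp is malformed or in an unknown format, which hides parsing gaps from anyone who later relies on event timestamps. A trace of the fallback keeps the behaviour and makes it visible: `log.Debugf("no date layout matched %q, using current time", date)` placed just before `now := time.Now()`; `%q` keeps control characters taken from the log line out of the output. Separately, in pkg/parser/runtime.go the new `else` branch and the following `if !processed` both log that the method doesn't exist, so one of the two messages is redundant.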
+++ b/debian/patches/0011-4dbbd4b3c4-automatically-download-files-when-needed.patch @@@@@ -1,0 -1,0 -1,0 -1,0 +1,122 @@@@@ ++++From 5fc744d27dbffc852eb4d2c5874a7b981aad6335 Mon Sep 17 00:00:00 2001 ++++From: Manuel Sabban ++++Date: Thu, 19 Aug 2021 09:08:20 +0200 ++++Subject: [PATCH] Download datafile (#895) ++++ ++++* add the ability to download datafile on cscli hub upgrade on files are missing ++++* fix stuff + lint ++++* fix error management ++++ ++++Co-authored-by: sabban <15465465+sabban@users.noreply.github.com> ++++--- ++++ cmd/crowdsec-cli/utils.go | 4 +++ ++++ pkg/cwhub/download.go | 54 +++++++++++++++++++++++++++++++++------ ++++ 2 files changed, 50 insertions(+), 8 deletions(-) ++++ ++++diff --git a/cmd/crowdsec-cli/utils.go b/cmd/crowdsec-cli/utils.go ++++index 003181b..925f779 100644 ++++--- a/cmd/crowdsec-cli/utils.go +++++++ b/cmd/crowdsec-cli/utils.go ++++@@ -216,7 +216,11 @@ func UpgradeConfig(itemType string, name string, force bool) { ++++ found = true ++++ if v.UpToDate { ++++ log.Infof("%s : up-to-date", v.Name) +++++ ++++ if !force { +++++ if err = cwhub.DownloadDataIfNeeded(csConfig.Cscli.DataDir, csConfig.Cscli.HubDir, v, false); err != nil { +++++ log.Fatalf("%s : download failed : %v", v.Name, err) +++++ } ++++ continue ++++ } ++++ } ++++diff --git a/pkg/cwhub/download.go b/pkg/cwhub/download.go ++++index 91fb8ec..64df7e8 100644 ++++--- a/pkg/cwhub/download.go +++++++ b/pkg/cwhub/download.go ++++@@ -3,6 +3,7 @@ package cwhub ++++ import ( ++++ "bytes" ++++ "crypto/sha256" +++++ "path" ++++ "path/filepath" ++++ ++++ //"errors" ++++@@ -134,7 +135,7 @@ func DownloadItem(cscli *csconfig.CscliCfg, target Item, overwrite bool) (Item, ++++ } ++++ if target.UpToDate { ++++ log.Debugf("%s : up-to-date, not updated", target.Name) ++++- return target, nil +++++ // We still have to check if data files are present ++++ } ++++ } ++++ req, err := http.NewRequest("GET", fmt.Sprintf(RawFileURLTemplate, HubBranch, target.RemotePath), nil) ++++@@ -204,7 
+205,34 @@ func DownloadItem(cscli *csconfig.CscliCfg, target Item, overwrite bool) (Item, ++++ target.Tainted = false ++++ target.UpToDate = true ++++ ++++- dec := yaml.NewDecoder(bytes.NewReader(body)) +++++ if err = downloadData(dataFolder, overwrite, bytes.NewReader(body)); err != nil { +++++ return target, errors.Wrapf(err, "while downloading data for %s", target.FileName) +++++ } +++++ +++++ hubIdx[target.Type][target.Name] = target +++++ return target, nil +++++} +++++ +++++func DownloadDataIfNeeded(dataFolder string, hubdir string, target Item, force bool) error { +++++ var ( +++++ itemFile *os.File +++++ err error +++++ ) +++++ itemFilePath := fmt.Sprintf("%s/%s", hubdir, target.RemotePath) +++++ +++++ if itemFile, err = os.Open(itemFilePath); err != nil { +++++ return errors.Wrapf(err, "while opening %s", itemFilePath) +++++ } +++++ if err = downloadData(dataFolder, force, itemFile); err != nil { +++++ return errors.Wrapf(err, "while downloading data for %s", itemFilePath) +++++ } +++++ return nil +++++} +++++ +++++func downloadData(dataFolder string, force bool, reader io.Reader) error { +++++ var err error +++++ dec := yaml.NewDecoder(reader) +++++ ++++ for { ++++ data := &types.DataSet{} ++++ err = dec.Decode(data) ++++@@ -212,14 +240,24 @@ func DownloadItem(cscli *csconfig.CscliCfg, target Item, overwrite bool) (Item, ++++ if err == io.EOF { ++++ break ++++ } else { ++++- return target, errors.Wrap(err, "while reading file") +++++ return errors.Wrap(err, "while reading file") ++++ } ++++ } ++++- err = types.GetData(data.Data, dataFolder) ++++- if err != nil { ++++- return target, errors.Wrap(err, "while getting data") +++++ +++++ download := false +++++ if !force { +++++ for _, dataS := range data.Data { +++++ if _, err := os.Stat(path.Join(dataFolder, dataS.DestPath)); os.IsNotExist(err) { +++++ download = true +++++ } +++++ } +++++ } +++++ if download || force { +++++ err = types.GetData(data.Data, dataFolder) +++++ if err != nil { +++++ return 
errors.Wrap(err, "while getting data") +++++ } ++++ } ++++ } ++++- hubIdx[target.Type][target.Name] = target ++++- return target, nil +++++ return nil ++++ } ++++-- ++++2.30.2 ++++ diff --cc debian/patches/series index 0000000,0000000,0000000,0000000..7463020 new file mode 100644 --- /dev/null +++ b/debian/patches/series @@@@@ -1,0 -1,0 -1,0 -1,0 +1,11 @@@@@ ++++0001-use-a-local-machineid-implementation.patch ++++0002-add-compatibility-for-older-sqlite-driver.patch ++++0003-adjust-systemd-unit.patch ++++0004-disable-geoip-enrich.patch ++++0005-adjust-config.patch ++++0006-prefer-systemctl-restart.patch ++++0007-automatically-enable-online-hub.patch ++++0008-hub-disable-broken-scenario.patch ++++0009-Improve-http-bad-user-agent-use-regexp-197.patch ++++0010-5ae69aa293-fix-stacktrace-when-mmdb-files-are-not-present.patch ++++0011-4dbbd4b3c4-automatically-download-files-when-needed.patch diff --cc debian/postinst index 0000000,0000000,0000000,0000000..927be6e new file mode 100644 --- /dev/null 
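Review bot: `DownloadDataIfNeeded` in pkg/cwhub/download.go opens `itemFile` with `os.Open` and never closes it, so every item checked during an upgrade leaks a file descriptor until the process exits; add `defer itemFile.Close()` right after the error check on `os.Open`. In `downloadData`, the presence test only treats `os.IsNotExist` as a reason to fetch, so a data file that exists but is empty or truncated is kept as it is, and any other `os.Stat` error (a permission error, for example) is silently read as "present". The test also builds an OS path with `path.Join` although `path/filepath` is already imported in this file; `filepath.Join(dataFolder, dataS.DestPath)` is the matching call. `DestPath` comes from the decoded hub YAML, and whether `types.GetData` confines it to `dataFolder` is not visible in this hunk.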
+++ b/debian/postinst
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,103 @@@@@
++++#!/bin/sh
++++set -e
++++
++++# See README.Debian for the distinction between online and offline
++++# hubs:
++++OFFLINE_HUB=/usr/share/crowdsec/hub
++++LIVE_HUB=/var/lib/crowdsec/hub
++++ITEMS="blockers collections parsers postoverflows scenarios .index.json"
++++
++++# Offline hub = symlinks are in place, so that an updated Debian
++++# package ships updated items from the hub:
++++disable_online_hub() {
++++ rm -rf "$LIVE_HUB"
++++ mkdir "$LIVE_HUB"
++++ for item in $ITEMS; do
++++ ln -s "$OFFLINE_HUB/$item" "$LIVE_HUB"
++++ done
++++}
++++
++++# Online hub = we replace symlinks with a copy of the items they point
++++# to, so that enabled items (symlinks from /etc) aren't disabled
++++# because of dangling symlinks. Let `cscli hub upgrade` replace the
++++# original copy as required:
++++enable_online_hub() {
++++ # Idempotence: once this function has been called once, .index.json
++++ # should no longer be a symlink, so it can be called each time
++++ # `cscli hub update` is called:
++++ if [ -L "$LIVE_HUB/.index.json" ]; then
++++ echo "I: Switching from offline hub to online hub (see README.Debian)"
++++ for item in $ITEMS; do
++++ if [ -L "$LIVE_HUB/$item" ]; then
++++ rm -f "$LIVE_HUB/$item"
++++ cp -r "$OFFLINE_HUB/$item" "$LIVE_HUB"
++++ fi
++++ done
++++ fi
++++}
++++
++++
++++CAPI=/etc/crowdsec/online_api_credentials.yaml
++++LAPI=/etc/crowdsec/local_api_credentials.yaml
++++
++++if [ "$1" = configure ]; then
++++ if [ ! -f "$LAPI" ]; then
++++ echo "I: Registering to LAPI ($LAPI)"
++++ touch "$LAPI"
++++ # This is required as of 1.0.8 at least:
++++ touch "$CAPI"
++++
++++ # Minimal environments (e.g. piuparts):
++++ if [ ! -f /etc/machine-id ]; then
++++ echo "W: Missing /etc/machine-id, initializing"
++++ sed 's/-//g' < /proc/sys/kernel/random/uuid > /etc/machine-id
++++ fi
++++
++++ cscli machines add --force "$(cat /etc/machine-id)" --password "$(tr -dc 'a-zA-Z0-9' < /dev/urandom | fold -w 32 | head -n 1)"
++++ fi
++++
++++ # Heuristics: if the file is empty, it's probably been just created
++++ # by the touch call above, and we want to register. Otherwise,
++++ # either the user has created a file in advance to disable CAPI
++++ # registration, or we've already registered to CAPI in a previous
++++ # configure run (in both cases, don't do anything):
++++ if [ ! -s "$CAPI" ]; then
++++ echo "I: Registering to CAPI ($CAPI)"
++++ cscli capi register
++++ fi
++++
++++ # Missing index means initial install, let's go for setting up
++++ # offline hub + enabling everything per upstream recommendation:
++++ if [ ! -e /var/lib/crowdsec/hub/.index.json ]; then
++++ echo "I: Setting up offline hub (see README.Debian)"
++++ disable_online_hub
++++
++++ # Symlinks:
++++ echo "I: Enabling all items (via symlinks from /etc/crowdsec)"
++++ find /var/lib/crowdsec/hub/*/ -name '*yaml' | \
++++ while read target; do
++++ source=${target##/var/lib/crowdsec/hub/}
++++ # Code as of 1.0.8 is picky about the number of
++++ # (sub)directories, so the vendor must be stripped:
++++ source=$(echo "$source"|sed 's,crowdsecurity/\|ltsich/,,')
++++ mkdir -p /etc/crowdsec/$(dirname "$source")
++++ ln -s "$target" "/etc/crowdsec/$source"
++++ done
++++
++++ # Initial copy of data files:
++++ cp /usr/share/crowdsec/data/* /var/lib/crowdsec/data/
++++ fi
++++fi
++++
++++case "$1" in
++++ disable-online-hub)
++++ disable_online_hub
++++ echo "I: Don't forget to inspect the config, and run 'systemctl restart crowdsec' afterward"
++++ ;;
++++ enable-online-hub)
++++ enable_online_hub
++++ ;;
++++esac
++++
++++
++++#DEBHELPER#
diff --cc debian/postrm
index 0000000,0000000,0000000,0000000..ba90c90
new file mode 100644
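Review bot: The `cscli machines add` call in the `configure` branch passes the generated password as a `--password` argument, so it is readable in the process list by any local user for as long as the command runs. If the packaged cscli can generate the secret itself (upstream documents an `--auto` flag for `machines add`; confirm it against 1.0.9), prefer that over the `tr`/`fold`/`head` pipeline. The two credential files are created with a plain `touch` under the default umask, and how cscli sets their mode afterwards is not visible here, so pinning it is cheap: `chmod 600 "$LAPI" "$CAPI"` right after the two `touch` calls, assuming the daemon runs as the owner of those files. Minor: `while read target` lacks `-r`, and `mkdir -p /etc/crowdsec/$(dirname "$source")` is unquoted.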
--- /dev/null
+++ b/debian/postrm
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,30 @@@@@
++++#!/bin/sh
++++set -e
++++
++++CAPI=/etc/crowdsec/online_api_credentials.yaml
++++LAPI=/etc/crowdsec/local_api_credentials.yaml
++++
++++if [ "$1" = purge ]; then
++++ # Might have been created by the postinst during CAPI registration,
++++ # or created by the admin to prevent CAPI registration. Keep only
++++ # this file if it doesn't seem to have been generated by the CAPI
++++ # registration. The rest of /etc/crowdsec goes away in all cases:
++++ if [ -f "$CAPI" ] && ! grep -qs '^url: https://api.crowdsec.net/$' "$CAPI"; then
++++ mv "$CAPI" /var/lib/crowdsec/online_api_credentials.yaml
++++ rm -rf /etc/crowdsec
++++ mkdir -p /etc/crowdsec
++++ mv /var/lib/crowdsec/online_api_credentials.yaml "$CAPI"
++++ else
++++ rm -rf /etc/crowdsec
++++ fi
++++
++++ # Local config and hub:
++++ rm -rf /var/lib/crowdsec/data
++++ rm -rf /var/lib/crowdsec/hub
++++
++++ # Logs:
++++ rm -f /var/log/crowdsec.log
++++ rm -f /var/log/crowdsec_api.log
++++fi
++++
++++#DEBHELPER#
diff --cc debian/rules
index 0000000,0000000,0000000,0000000..cd8b5a4
new file mode 100755
--- /dev/null
+++ b/debian/rules
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,59 @@@@@
++++#!/usr/bin/make -f
++++
++++export DH_GOLANG_INSTALL_ALL := 1
++++export DH_GOLANG_EXCLUDES := hub\d+ data\d+
++++
++++export BUILD_VERSION := $(shell dpkg-parsechangelog -SVersion)
++++export BUILD_TAG := debian
++++export BUILD_CODENAME := $(shell awk '/CodeName/ { gsub(/\"/, "", $$2); print $$2 }' RELEASE.json)
++++export BUILD_GOVERSION := $(shell go version | awk '{ gsub(/^go/, "", $$3); print $$3 }')
++++export BUILD_DATE := $(shell TZ=Etc/UTC date +'%F_%T' -d @$(SOURCE_DATE_EPOCH))
++++export set_cwversion := -X github.com/crowdsecurity/crowdsec/pkg/cwversion
++++export LD_FLAGS := -ldflags '-s -w \
++++ $(set_cwversion).Version=$(BUILD_VERSION) \
++++ $(set_cwversion).Tag=$(BUILD_TAG) \
++++ $(set_cwversion).Codename=$(BUILD_CODENAME) \
++++ $(set_cwversion).GoVersion=$(BUILD_GOVERSION) \
++++ $(set_cwversion).BuildDate=$(BUILD_DATE) \
++++'
++++
++++# Use 1 for a new upstream release, and bump it when an update of the
++++# hub files is desired while the upstream version doesn't change. See
++++# below for the generate_hub_tarball target:
++++export DATA_ID := 1
++++export HUB_ID := 1
++++export HUB_BRANCH := master
++++export HUB_DIR := ../hub
++++export U_VERSION := $(shell dpkg-parsechangelog -SVersion|sed 's/-.*//')
++++
++++%:
++++ dh $@ --builddirectory=_build --buildsystem=golang --with=golang
++++
++++override_dh_auto_build:
++++ dh_auto_build -- $(LD_FLAGS)
++++
++++override_dh_auto_install:
++++ dh_auto_install -- --no-source
++++
++++override_dh_install:
++++ dh_install
++++ # Switch from Golang naming to upstream-desired naming:
++++ mv debian/crowdsec/usr/bin/crowdsec-cli \
++++ debian/crowdsec/usr/bin/cscli
++++ # Adjust the hub branch according to the upstream version:
++++ sed "s/\(.*hub_branch:\) master/\1 v$(U_VERSION)/" -i debian/crowdsec/etc/crowdsec/config.yaml
++++ # Drop unit tests from the hub:
++++ find debian/crowdsec/usr/share/crowdsec/hub -depth -name '.tests' -exec rm -rf '{}' ';'
++++
++++
++++### Maintainer targets:
++++
++++generate_hub_tarball:
++++ cd $(HUB_DIR) && git archive --prefix hub$(HUB_ID)/ $(HUB_BRANCH) | gzip -9 > ../crowdsec_$(U_VERSION).orig-hub$(HUB_ID).tar.gz \
++++ && echo "Generated hub tarball from branch $(HUB_BRANCH), at commit `git show $(HUB_BRANCH) | awk '/^commit / {print $$2; quit}' | cut -b -10`"
++++
++++extract_hub_tarball:
++++ tar xf ../crowdsec_$(U_VERSION).orig-hub$(HUB_ID).tar.gz
++++
++++extract_data_tarball:
++++ tar xf ../crowdsec_$(U_VERSION).orig-data$(HUB_ID).tar.gz
diff --cc debian/source/format
index 0000000,0000000,0000000,0000000..163aaf8
new file mode 100644
--- /dev/null
+++ b/debian/source/format
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,1 @@@@@
++++3.0 (quilt)
diff --cc debian/upstream/metadata
index 0000000,0000000,0000000,0000000..0038940
new file mode 100644
--- /dev/null
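Review bot: `extract_data_tarball` builds the archive name from `$(HUB_ID)` although the file exports a separate `DATA_ID` that no target in this file references, so the target only finds the right tarball while the two counters happen to be equal. The recipe should read `tar xf ../crowdsec_$(U_VERSION).orig-data$(DATA_ID).tar.gz`. In `generate_hub_tarball`, `quit` is not an awk statement (the keyword is `exit`), so the script does not stop at the first `commit` line as it appears intended to.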
+++ b/debian/upstream/metadata
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++---
++++Bug-Database: https://github.com/crowdsecurity/crowdsec/issues
++++Bug-Submit: https://github.com/crowdsecurity/crowdsec/issues/new
++++Repository: https://github.com/crowdsecurity/crowdsec.git
++++Repository-Browse: https://github.com/crowdsecurity/crowdsec
diff --cc debian/watch
index 0000000,0000000,0000000,0000000..f6c12be
new file mode 100644
--- /dev/null
+++ b/debian/watch
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++version=4
++++opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%crowdsec-$1.tar.gz%,\
++++ uversionmangle=s/(\d)[_\.\-\+]?(RC|rc|pre|dev|beta|alpha)[.]?(\d*)$/\$1~\$2\$3/" \
++++ https://github.com/crowdsecurity/crowdsec/tags .*/v?(\d\S*)\.tar\.gz debian
diff --cc hub1/.exportedField/exported.go
index 0000000,0000000,0000000,0000000..f3f6344
new file mode 100644
--- /dev/null
+++ b/hub1/.exportedField/exported.go
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,68 @@@@@
++++package main
++++
++++import (
++++ "io/ioutil"
++++ "log"
++++ "os"
++++ "path/filepath"
++++
++++ "github.com/crowdsecurity/crowdsec/pkg/types"
++++ "gopkg.in/yaml.v2"
++++)
++++
++++type ParserResults struct {
++++ ProvisionalResults []map[string]map[string]types.Event
++++ FinalResults []types.Event
++++}
++++
++++func main() {
++++ var (
++++ buf []byte
++++ err error
++++ results []types.Event = []types.Event{}
++++ final types.Event = types.Event{
++++ Enriched: map[string]string{},
++++ Parsed: map[string]string{},
++++ Meta: map[string]string{},
++++ }
++++ )
++++ _ = filepath.Walk(".", func(path string, info os.FileInfo, err error) error {
++++ if err != nil {
++++ log.Printf("prevent panic by handling failure accessing a path %q: %v\n", path, err)
++++ return err
++++ }
++++ if !info.IsDir() && info.Name() == "parser_results.yaml" {
++++ if buf, err = ioutil.ReadFile(path); err != nil {
++++ log.Printf("Unable to read %s: %s", path, err)
++++ return err
++++ }
++++ tmp := ParserResults{}
++++ if err = yaml.Unmarshal(buf, &tmp); err != nil {
++++ log.Printf("Unable to unmarshal path %s: %s", path, err)
++++ }
++++ results = append(results, tmp.FinalResults...)
++++ }
++++ return nil
++++
++++ })
++++
++++ for _, result := range results {
++++ for key, value := range result.Enriched {
++++ final.Enriched[key] = value
++++ }
++++ for key, value := range result.Parsed {
++++ final.Parsed[key] = value
++++ }
++++ for key, value := range result.Meta {
++++ final.Meta[key] = value
++++ }
++++ }
++++
++++ if buf, err = yaml.Marshal(final); err != nil {
++++ log.Printf("Unable to marshal result: %s", err)
++++ }
++++
++++ if err = ioutil.WriteFile("exportedField.yaml", buf, 0644); err != nil {
++++ log.Printf("Unable to write file: %s", err)
++++ }
++++}
diff --cc hub1/.exportedField/go.mod
index 0000000,0000000,0000000,0000000..206c030
new file mode 100644
--- /dev/null
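Review bot: Every failure in `main` is only logged with `log.Printf`, so the program exits 0 and still writes `exportedField.yaml` after `yaml.Unmarshal` or `yaml.Marshal` has failed, and the error returned by `filepath.Walk` is discarded with `_ =`. In the CI job that runs this binary, a broken `parser_results.yaml` would then yield a partial or empty output without failing the build. Use `log.Fatalf("Unable to marshal result: %s", err)` and `log.Fatalf("Unable to write file: %s", err)` for the last two checks, return the unmarshal error from the walk callback, and check the value `filepath.Walk` returns.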
+++ b/hub1/.exportedField/go.mod
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++module exported
++++
++++go 1.15
diff --cc hub1/.github/workflows/dispatch_create_branch.yaml
index 0000000,0000000,0000000,0000000..0a40dc4
new file mode 100644
--- /dev/null
+++ b/hub1/.github/workflows/dispatch_create_branch.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,16 @@@@@
++++name: Create branch from external dispatch
++++
++++on:
++++ repository_dispatch:
++++ types: ['create_branch']
++++
++++jobs:
++++ create_branch:
++++ runs-on: ubuntu-latest
++++ steps:
++++ - uses: actions/checkout@v2
++++ - uses: peterjgrainger/action-create-branch@v1.0.0
++++ env:
++++ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
++++ with:
++++ branch: ${{ github.event.client_payload.version }}
diff --cc hub1/.github/workflows/dispatch_delete_branch.yaml
index 0000000,0000000,0000000,0000000..069774a
new file mode 100644
--- /dev/null
+++ b/hub1/.github/workflows/dispatch_delete_branch.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,16 @@@@@
++++name: Delete branch from external dispatch
++++
++++on:
++++ repository_dispatch:
++++ types: ['delete_branch']
++++
++++jobs:
++++ delete_branch:
++++ runs-on: ubuntu-latest
++++ steps:
++++ - uses: actions/checkout@v2
++++ - name: Delete branch
++++ uses: dawidd6/action-delete-branch@v3
++++ with:
++++ github_token: ${{github.token}}
++++ branches: ${{ github.event.client_payload.version }}
diff --cc hub1/.github/workflows/generate_taxonomy.yaml
index 0000000,0000000,0000000,0000000..5be829f
new file mode 100644
--- /dev/null
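Review bot: In dispatch_create_branch.yaml the third-party action is referenced by a mutable tag (`peterjgrainger/action-create-branch@v1.0.0`) while it receives `secrets.GITHUB_TOKEN`; a tag can be moved by the action's owner, so pin it to a full commit SHA, e.g. `uses: peterjgrainger/action-create-branch@<full-commit-sha> # v1.0.0`. The same applies to `dawidd6/action-delete-branch@v3` in dispatch_delete_branch.yaml, `ad-m/github-push-action@master` in generate_taxonomy.yaml, and `pozetroninc/github-action-get-latest-release@master` and `JamesIves/github-pages-deploy-action@3.7.1` in test_configurations.yaml; two of these are handed `secrets.REPO_ACCESS_TOKEN`. The job also declares no `permissions:` block, so the token keeps the repository's default scope; stating `permissions:` with `contents: write` on the job would limit it to what branch creation needs.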
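Review bot: In dispatch_delete_branch.yaml, `branches: ${{ github.event.client_payload.version }}` hands the dispatch payload to the delete action without any check, so a malformed or mistaken payload can name a branch other than a version branch. A guard on the job keeps the workflow to the names it is meant for, e.g. `if: startsWith(github.event.client_payload.version, 'v')` under `delete_branch:`. The `v` prefix is inferred from debian/rules in this same commit, which rewrites `hub_branch` to `v$(U_VERSION)`; confirm it against the hub repository's branch naming before relying on it.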
+++ b/hub1/.github/workflows/generate_taxonomy.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,36 @@@@@
++++name: Generate Taxonomy
++++
++++on:
++++ push:
++++ branches: [ master, wip_lapi ]
++++ pull_request:
++++ branches: [ master, wip_lapi ]
++++
++++jobs:
++++ generate_taxonomy:
++++ runs-on: ubuntu-latest
++++ steps:
++++ - uses: actions/checkout@v1
++++ - name: Set up Go 1.15
++++ uses: actions/setup-go@v1
++++ with:
++++ go-version: 1.15
++++ id: go
++++ - name: merge all results
++++ run: |
++++ cd .exportedField
++++ export GO111MODULE=on
++++ go build exported.go
++++ cd ..
++++ .exportedField/exported
++++ - name: commit file
++++ run: |
++++ git config --local user.email "action@github.com"
++++ git config --local user.name "GitHub Action"
++++ git commit -m "Update exportedFields" exportedFields.json || exit 0
++++ - name: Push changes
++++ uses: ad-m/github-push-action@master
++++ if: github.event_name == 'push'
++++ with:
++++ github_token: ${{ secrets.REPO_ACCESS_TOKEN }}
++++ branch: ${{ github.ref }}
diff --cc hub1/.github/workflows/test_configurations.yaml
index 0000000,0000000,0000000,0000000..24ea1e6
new file mode 100644
--- /dev/null
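Review bot: The `commit file` step commits `exportedFields.json`, but exported.go in this same commit writes `exportedField.yaml`, and `|| exit 0` turns the resulting commit failure into success, so as written the job appears never to commit the generated taxonomy. Align the name with the generator's output: `git commit -m "Update exportedFields" exportedField.yaml || exit 0`, preceded by `git add exportedField.yaml` if the file is not yet tracked. It is also worth replacing the blanket `|| exit 0` with a check that separates "nothing to commit" from a real failure, since the current form hides both.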
+++ b/hub1/.github/workflows/test_configurations.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,49 @@@@@
++++name: Test Hub Configurations Items on Hub Changes
++++on:
++++ - push
++++jobs:
++++ build-hub-tests:
++++ runs-on: ubuntu-latest
++++ env:
++++ RESULTS_PATH: .
++++ steps:
++++ - name: Set up Go 1.13
++++ uses: actions/setup-go@v1
++++ with:
++++ go-version: 1.13
++++ id: go
++++ - name: Check out code into the Go module directory
++++ uses: actions/checkout@v2
++++ - name: run tests on crowdsec master
++++ run: |
++++ rm -rf hub-tests
++++ ./tests.sh -i master
++++ ./tests.sh --all
++++ - name: Find Crowdsec Latest Release Tag
++++ id: latesttag
++++ uses: pozetroninc/github-action-get-latest-release@master
++++ with:
++++ repository: crowdsecurity/crowdsec
++++ excludes: prerelease, draft
++++ - name: run tests on last crowdsec tag
++++ run: |
++++ rm -rf hub-tests
++++ ./tests.sh -i ${{ steps.latesttag.outputs.release }}
++++ ./tests.sh --all
++++ - name: generate results
++++ run: |
++++ sudo apt-get update && sudo apt-get install nodejs-dev node-gyp libssl1.0-dev && sudo apt-get install npm
++++ sudo npm i -g xunit-viewer
++++ xunit-viewer -r output.xml
++++ set +x
++++ mkdir public
++++ sudo mv index.html public
++++ id: tests
++++ - name: Deploy to GitHub Pages
++++ if: github.ref == 'refs/heads/master'
++++ uses: JamesIves/github-pages-deploy-action@3.7.1
++++ with:
++++ BRANCH: gh-pages
++++ FOLDER: public
++++ ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
++++
diff --cc hub1/.github/workflows/test_configurations_on_hub-tests_changes.yaml
index 0000000,0000000,0000000,0000000..8019c70
new file mode 100644
--- /dev/null
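Review bot: `./tests.sh -i ${{ steps.latesttag.outputs.release }}` expands the expression into the script text before the shell runs, so a tag name containing shell metacharacters would be interpreted as part of the script rather than as an argument. Pass the value through the environment instead: add `env:` with `RELEASE_TAG: ${{ steps.latesttag.outputs.release }}` to the step and call `./tests.sh -i "$RELEASE_TAG"`. test_configurations_on_hub-tests_changes.yaml has the same pattern with `${{ github.event.client_payload.version }}`, where the value comes straight from the dispatch payload. Both jobs later hand `secrets.REPO_ACCESS_TOKEN` to the deploy step, which is why the quoting matters here.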
+++ b/hub1/.github/workflows/test_configurations_on_hub-tests_changes.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,38 @@@@@
++++name: Test Hub Configurations Items
++++on:
++++ - repository_dispatch
++++
++++jobs:
++++ build-hub-tests:
++++ runs-on: ubuntu-latest
++++ env:
++++ RESULTS_PATH: .
++++ steps:
++++ - name: Set up Go 1.13
++++ uses: actions/setup-go@v1
++++ with:
++++ go-version: 1.13
++++ id: go
++++ - name: Check out code into the Go module directory
++++ uses: actions/checkout@v2
++++ - name: run tests
++++ run: |
++++ ./tests.sh -i ${{ github.event.client_payload.version }}
++++ ./tests.sh --all
++++ - name: generate results
++++ run: |
++++ sudo apt-get update && sudo apt-get install nodejs-dev node-gyp libssl1.0-dev && sudo apt-get install npm
++++ sudo npm i -g xunit-viewer
++++ xunit-viewer -r output.xml
++++ set +x
++++ mkdir public
++++ sudo mv index.html public
++++ id: tests
++++ - name: Deploy to GitHub Pages
++++ if: github.ref == 'refs/heads/master'
++++ uses: JamesIves/github-pages-deploy-action@3.7.1
++++ with:
++++ BRANCH: gh-pages
++++ FOLDER: public
++++ ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}
++++
diff --cc hub1/.github/workflows/update-blockers.yml
index 0000000,0000000,0000000,0000000..16c38ad
new file mode 100644
--- /dev/null
+++ b/hub1/.github/workflows/update-blockers.yml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,29 @@@@@
++++name: Update Blockers Meta
++++
++++on:
++++ schedule:
++++ - cron: '0 6 * * *'
++++ - cron: '0 18 * * *'
++++
++++jobs:
++++ update_blockers:
++++ runs-on: ubuntu-latest
++++ steps:
++++ - uses: actions/setup-go@v1
++++ with:
++++ go-version: 1.13
++++ - uses: actions/checkout@v1
++++ - name: Create local changes
++++ run: |
++++ go build
++++ ./main -target blockers
++++ - name: Commit files
++++ run: |
++++ git config --local user.email "action@github.com"
++++ git config --local user.name "GitHub Action"
++++ git commit -m "Update blockers meta" blockers.json || exit 0
++++ - name: Push changes
++++ uses: ad-m/github-push-action@master
++++ with:
++++ github_token: ${{ secrets.GITHUB_TOKEN }}
++++ branch: master
diff --cc hub1/.github/workflows/update-index.yml
index 0000000,0000000,0000000,0000000..0be3536
new file mode 100644
--- /dev/null
+++ b/hub1/.github/workflows/update-index.yml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,39 @@@@@
++++name: Update index
++++
++++on:
++++ push:
++++ paths:
++++ - 'scenarios/**.yaml'
++++ - 'parsers/**.yaml'
++++ - 'postoverflows/**.yaml'
++++ - 'collections/**.yaml'
++++ - 'scenarios/**.md'
++++ - 'parsers/**.md'
++++ - 'postoverflows/**.md'
++++ - 'collections/**.md'
++++
++++jobs:
++++ build:
++++ runs-on: ubuntu-latest
++++ steps:
++++ - uses: actions/setup-go@v1
++++ with:
++++ go-version: 1.13
++++ - uses: actions/checkout@v1
++++ - name: Create local changes
++++ run: |
++++ go build
++++ ./main -target configs
++++ - name: Commit files
++++ if: ${{ github.event_name == 'push'}}
++++ run: |
++++ git config --local user.email "action@github.com"
++++ git config --local user.name "GitHub Action"
++++ git commit -m "Update index" .index.json || exit 0
++++ - name: Push changes
++++ if: ${{ github.event_name == 'push'}}
++++ uses: ad-m/github-push-action@master
++++ with:
++++ github_token: ${{ secrets.GITHUB_TOKEN }}
++++ branch: ${{ github.ref }}
++++
diff --cc hub1/.gitignore
index 0000000,0000000,0000000,0000000..faf924f
new file mode 100644
--- /dev/null
+++ b/hub1/.gitignore
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,12 @@@@@
++++## Directories for hub-test
++++config/
++++hub-tests/
++++data/
++++output.xml
++++
++++**.fail
++++go.sum
++++.vscode/
++++main
++++
++++workspace.code-workspace
diff --cc hub1/.index.json
index 0000000,0000000,0000000,0000000..fa44adf
new file mode 100644
--- /dev/null
+++ b/hub1/.index.json @@@@@ -1,0 -1,0 -1,0 -1,0 +1,1231 @@@@@ ++++{ ++++ "collections": { ++++ "crowdsecurity/apache2": { ++++ "path": "collections/crowdsecurity/apache2.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "3601f38e187479724e830e0182f51468c980f661e6eedc6d2e586f622e3b48ea", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIGZvciBhcGFjaGUyIDoKIC0gYXBhY2hlMiBwYXJzZXIKIC0gYmFzZSBodHRwIHNjZW5hcmlvcyBmb3IgY3Jhd2wsIHNjYW4gZXRjLgoK", ++++ "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvYXBhY2hlMi1sb2dzCmNvbGxlY3Rpb25zOgogIC0gY3Jvd2RzZWN1cml0eS9iYXNlLWh0dHAtc2NlbmFyaW9zCmRlc2NyaXB0aW9uOiAiYXBhY2hlMiBzdXBwb3J0IDogcGFyc2VyIGFuZCBnZW5lcmljIGh0dHAgc2NlbmFyaW9zICIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gYXBhY2hlMgogIC0gY3Jhd2wKICAtIHNjYW4KCg==", ++++ "description": "apache2 support : parser and generic http scenarios ", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/apache2-logs" ++++ ], ++++ "collections": [ ++++ "crowdsecurity/base-http-scenarios" ++++ ] ++++ }, ++++ "crowdsecurity/base-http-scenarios": { ++++ "path": "collections/crowdsecurity/base-http-scenarios.yaml", ++++ "version": "0.3", ++++ "versions": { ++++ "0.1": { ++++ "digest": "7ee043a9d2e063cad751e6ce5d048f02518a76d39ec81aebed3bae736b0ced9e", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "affdb706e66ffd924086b24e94734589672fb531f80fe366ab06a8c3228962e2", ++++ "deprecated": false ++++ }, ++++ "0.3": { ++++ "digest": "543df5abb020afb51f3ab9d83cdc031e95572983e72f32a59b9f6f75cac990c3", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": 
"Kipjb250YWlucyBubyBwYXJzZXIsIG1lYW50IHRvIGJlIGVtYmVkZGVkKioKCkEgY29sbGVjdGlvbiBvZiBkZWZlbnNpdmUgKGltcGxlbWVudGF0aW9uIGluZGVwZW5kZW50KSBzY2VuYXJpb3MgZm9yIGh0dHAgc2VydmljZXMgOgogLSBhZ2dyZXNzaXZlIGNyYXdsIGRldGVjdGlvbgogLSBzY2FubmluZy9wcm9iaW5nIGRldGVjdGlvbgogLSBiYWQgdXNlci1hZ2VudCBkZXRlY3Rpb24KIC0gcGF0aCB0cmF2ZXJzYWwgZGV0ZWN0aW9uCiAtIHNlbnNpdGl2ZSBkYXRhIGFjY2VzcyBhdHRlbXB0cyBkZXRlY3Rpb24KIC0gU1FMIGluamVjdGlvbiBkZXRlY3Rpb24KCjp3YXJuaW5nOiBUaGlzIGNvbGxlY3Rpb24gaXMgX25vdF8gYSBXQUYgYW5kIHRoaXMgc2NlbmFyaW8gZG9lcyBfbm90XyBhaW1zIGF0IHJlcGxhY2luZyBhIFdBRi4KCgoK", ++++ "content": "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", ++++ "description": "http common : scanners detection", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/http-logs" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/http-crawl-non_statics", ++++ "crowdsecurity/http-probing", ++++ "crowdsecurity/http-bad-user-agent", ++++ "crowdsecurity/http-path-traversal-probing", ++++ "crowdsecurity/http-sensitive-files", ++++ "crowdsecurity/http-sqli-probing", ++++ "crowdsecurity/http-xss-probing", ++++ "crowdsecurity/http-backdoors-attempts", ++++ "ltsich/http-w00tw00t" ++++ ] ++++ }, ++++ "crowdsecurity/dovecot": { ++++ "path": "collections/crowdsecurity/dovecot.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "7990a4b855273b5ceaa379d2979d796e070c96a398caeefbfa1933cc36f690be", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIGZvciBkb3ZlY290CiAqIGRvdmVjb3QgbG9nIHBhcnNlcnMKICogZG92ZWNvdCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdAoKVGhpcyBjb2xsZWN0aW9uIG1vc3RseSBhaW1zIGF0IGdldHRpbmcgc2ltaWxhciBzcGFtIHByb3RlY3Rpb24gYXMKdGhlIG5vcm1hbCBmYWlsMmJhbiBkb3ZlY290IGNvbmZpZ3VyYXRpb24uCgpUaGUgcmVsZXZhbnQgYGFjcXVpcy55YW1sYCBzaG91bGQgYmU6CgpgYGB5YW1sCmZpbGVuYW1lczoKICAtIC92YXIvbG9nL21haWwubG9nCmxhYmVsczoKICB0eXBlOiBzeXNsb2cKYGBgCgoKPiBDb250cmlidXRpb24gYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", ++++ "content": 
"cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZG92ZWNvdCBzdXBwb3J0IDogcGFyc2VyIGFuZCBzcGFtbWVyIGRldGVjdGlvbiIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gc3BhbQogIC0gYnJ1dGVmb3JjZQo=", ++++ "description": "dovecot support : parser and spammer detection", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/dovecot-logs" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/dovecot-spam" ++++ ] ++++ }, ++++ "crowdsecurity/iptables": { ++++ "path": "collections/crowdsecurity/iptables.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "ba5c8e97c06b19e4c075e0285e6b60c1da3b86381c88c4bfea4b374378ced10a", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIGZvciBwb3J0c2NhbiBkZXRlY3Rpb24gdmlhIGlwdGFibGVzIDoKIC0gaXB0YWJsZXMgcGFyc2VyIChsaWtlIGluIGAtaiBMT0dgKQogLSBtdWx0aSBwb3J0IHNjYW4gZGV0ZWN0aW9uCgo=", ++++ "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L2lwdGFibGVzLXNjYW4tbXVsdGlfcG9ydHMKZGVzY3JpcHRpb246ICJpcHRhYmxlcyBzdXBwb3J0IDogbG9ncyBhbmQgcG9ydC1zY2FucyBkZXRlY3Rpb24gc2NlbmFyaW9zIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSBwb3J0c2NhbgogIC0gaXB0YWJsZXMKCg==", ++++ "description": "iptables support : logs and port-scans detection scenarios", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/iptables-logs" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/iptables-scan-multi_ports" ++++ ] ++++ }, ++++ "crowdsecurity/linux": { ++++ "path": "collections/crowdsecurity/linux.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "8d16483218a979b84549fb020b0342feea3d1f4951294b6994d33a9b7214842f", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "baaa37b12b4d734fab81ae01ff81c58ceb7a99304f21e6bb6ff86b871ed6d5eb", ++++ "deprecated": false ++++ } ++++ }, ++++ 
"long_description": "Kipjb3JlIHBhY2thZ2UgZm9yIGxpbnV4KioKCmNvbnRhaW5zIHN1cHBvcnQgZm9yIHN5c2xvZywgZG8gbm90IHJlbW92ZS4K", ++++ "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3lzbG9nLWxvZ3MKICAtIGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCiAgLSBjcm93ZHNlY3VyaXR5L2RhdGVwYXJzZS1lbnJpY2gKY29sbGVjdGlvbnM6CiAgLSBjcm93ZHNlY3VyaXR5L3NzaGQKZGVzY3JpcHRpb246ICJjb3JlIGxpbnV4IHN1cHBvcnQgOiBzeXNsb2crZ2VvaXArc3NoIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4Cgo=", ++++ "description": "core linux support : syslog+geoip+ssh", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/syslog-logs", ++++ "crowdsecurity/geoip-enrich", ++++ "crowdsecurity/dateparse-enrich" ++++ ], ++++ "collections": [ ++++ "crowdsecurity/sshd" ++++ ] ++++ }, ++++ "crowdsecurity/modsecurity": { ++++ "path": "collections/crowdsecurity/modsecurity.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "530454a9dbdb3800f62de4b8ba7d6ed2160b4e533d577c52393f5f286df2b615", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIGZvciBtb2RzZWN1cml0eSAodGVzdGVkIG9ubHkgd2l0aCBBcGFjaGUpOgogLSBtb2RzZWN1cml0eSBwYXJzZXI6IGBjcm93ZHNlY3VyaXR5L21vZHNlY3VyaXR5YAogLSBtb2RzZWN1cml0eSBzY2VuYXJpbzogYGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHk=", ++++ "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbW9kc2VjdXJpdHkKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIm1vZHNlY3VyaXR5IHN1cHBvcnQgOiBtb2RzZWN1cml0eSBwYXJzZXIgYW5kIHNjZW5hcmlvIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB3ZWIKICAtIHdhZg==", ++++ "description": "modsecurity support : modsecurity parser and scenario", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/modsecurity" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/modsecurity" ++++ ] ++++ }, ++++ "crowdsecurity/mysql": { ++++ "path": "collections/crowdsecurity/mysql.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": 
"77e63a6deedaedc15457691e8631633c15663e796f9e896331d64aa3614fdafc", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIGZvciBteXNxbCBzZXJ2aWNlcyA6CiAtIG15c3FsIGxvZ3MgcGFyc2VyCiAtIGJydXRlZm9yY2UgZGV0ZWN0aW9uCiA=", ++++ "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAibXlzcWwgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gbXlzcWwKICAtIGJydXRlZm9yY2UK", ++++ "description": "mysql support : logs and brute-force scenarios", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/mysql-logs" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/mysql-bf" ++++ ] ++++ }, ++++ "crowdsecurity/naxsi": { ++++ "path": "collections/crowdsecurity/naxsi.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "cd093e3b26795e8ae86898a585ef77509dc988c4841ea49ba61795a7c849b06e", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIHRvIGRldGVjdCB2aXJ0dWFsIHBhdGNoIHZpb2xhdGlvbnMgOgogLSBuYXhzaSBsb2dzIHBhcnNlcgogLSB2cGF0Y2ggaGlnaCBpZCAoPjk5OTkpIHRyaWdnZXIgcnVsZQog", ++++ "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwogIC0gY3Jvd2RzZWN1cml0eS9uYXhzaS1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvbmF4c2ktZXhwbG9pdC12cGF0Y2gKZGVzY3JpcHRpb246ICJuYXhzaSBzdXBwb3J0IDogcGFyc2VyIGFuZCB2cGF0Y2ggc2NlbmFyaW8iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBuYXhzaQogIC0gZXhwbG9pdAoK", ++++ "description": "naxsi support : parser and vpatch scenario", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/nginx-logs", ++++ "crowdsecurity/naxsi-logs" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/naxsi-exploit-vpatch" ++++ ] ++++ }, ++++ "crowdsecurity/nginx": { ++++ "path": "collections/crowdsecurity/nginx.yaml", ++++ "version": 
"0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "5ef06c9a84fbea5b01d901a6a23d5de8de811da5036e5ec4f6a8d00fb096805b", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBuZ2lueCBhZ2FpbnN0IGNvbW1vbiBhdHRhY2tzIDoKIC0gbmdpbnggcGFyc2VyCiAtIGJhc2UgaHR0cCBzY2VuYXJpb3MgKGNyYXdsLCA0MDQgc2NhbiwgYmYpCgo=", ++++ "content": "cGFyc2VyczoKI2dlbmVyaWMgcG9zdC1wYXJzaW5nIG9mIGh0dHAgc3R1ZmYKICAtIGNyb3dkc2VjdXJpdHkvbmdpbngtbG9ncwpjb2xsZWN0aW9uczoKICAtIGNyb3dkc2VjdXJpdHkvYmFzZS1odHRwLXNjZW5hcmlvcwpkZXNjcmlwdGlvbjogIm5naW54IHN1cHBvcnQgOiBwYXJzZXIgYW5kIGdlbmVyaWMgaHR0cCBzY2VuYXJpb3MiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIG5naW54CiAgLSBjcmF3bAogIC0gc2NhbgoK", ++++ "description": "nginx support : parser and generic http scenarios", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/nginx-logs" ++++ ], ++++ "collections": [ ++++ "crowdsecurity/base-http-scenarios" ++++ ] ++++ }, ++++ "crowdsecurity/postfix": { ++++ "path": "collections/crowdsecurity/postfix.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "81767bab91a7a071d8d32f3227f2391744eef5ba6a4cf916a96ec8183d050ae0", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "b4cceea527807a9fe70f673ef34e0d7d4372267d665fbbe164f0d6a1a3531a2e", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIGZvciBwb3N0Zml4CiAqIHBvc3RmaXggbG9nIHBhcnNlcnMKICogcG9zdHNjcmVlbiBsb2cgcGFyc2VyCiAqIHBvc3RmaXggc2NlbmFyaW8gYnJ1dGVmb3JjZSBzcGFtIGF0dGVtcHQKICogcG9zdHNjcmVlbiByYiBhdHRlbXB0IGJsYWNrbGlzdAoKVGhpcyBjb2xsZWN0aW9uIG1vc3RseSBhaW1zIGF0IGdldHRpbmcgYSBzaW1pbGFyIHNwYW0gcHJvdGVjdGlvbiBhcwp0aGUgbm9ybWFsIGZhaWwyYmFuIHBvc3RmaXggY29uZmlndXJhdGlvbiBhbHRob3VnaCBwb3N0Y3JlZW4gbG9nCm1hbmFnZW1lbnQgaXNuJ3QgaW5jbHVkZWQgYnkgZGVmYXVsdCBieSBmYWlsMmJhbi4KClRoZSByZWxldmFudCBgYWNxdWlzLnlhbWxgIHNob3VsZCBiZToKCmBgYHlhbWwKZmlsZW5hbWVzOgogIC0gL3Zhci9sb2cvbWFpbC5sb2cKbGFiZWxzOgogIHR5cGU6IHN5c2xvZwpgYGAK", ++++ 
"content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvcG9zdGZpeC1sb2dzCiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tbG9ncwpzY2VuYXJpb3M6CiAgLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbQpkZXNjcmlwdGlvbjogInBvc3RmaXggc3VwcG9ydCA6IHBhcnNlciBhbmQgc3BhbW1lciBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNwYW0KICAtIGJydXRlZm9yY2UK", ++++ "description": "postfix support : parser and spammer detection", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/postfix-logs", ++++ "crowdsecurity/postscreen-logs" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/postfix-spam" ++++ ] ++++ }, ++++ "crowdsecurity/sshd": { ++++ "path": "collections/crowdsecurity/sshd.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "21159aeb87529efcf1a5033f720413d5321a6451bab679a999f7f01a7aa972b3", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBzc2hkIGFnYWluc3QgY29tbW9uIGF0dGFja3MgOgogLSBzc2ggcGFyc2VyCiAtIHNzaCBicnV0ZWZvcmNlICYgZW51bWVyYXRpb24gZGV0ZWN0aW9uCiAKCg==", ++++ "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoZC1sb2dzCnNjZW5hcmlvczoKICAtIGNyb3dkc2VjdXJpdHkvc3NoLWJmCmRlc2NyaXB0aW9uOiAic3NoZCBzdXBwb3J0IDogcGFyc2VyIGFuZCBicnV0ZS1mb3JjZSBkZXRlY3Rpb24iCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gbGludXgKICAtIHNzaAogIC0gYnJ1dGVmb3JjZQoK", ++++ "description": "sshd support : parser and brute-force detection", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/sshd-logs" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/ssh-bf" ++++ ] ++++ }, ++++ "crowdsecurity/vsftpd": { ++++ "path": "collections/crowdsecurity/vsftpd.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "7cb60c9ce9772d4dc7227cc415a55114b8f4e3c07e27c17a666e56e11cb04b32", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": 
"QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCBWU0ZUUEQgYWdhaW5zdCBjb21tb24gYXR0YWNrcyA6Ci0gVlNGVFBEIHBhcnNlcjogYGNyb3dkc2VjdXJpdHkvdnNmdHBkLWxvZ3NgCi0gYnJ1dGVmb3JjZSBzY2VuYXJpbyA6IGBjcm93ZHNlY3VyaXR5L3ZzZnRwZC1iZmA=", ++++ "content": "cGFyc2VyczoKICAtIGNyb3dkc2VjdXJpdHkvdnNmdHBkLWxvZ3MKc2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS92c2Z0cGQtYmYKZGVzY3JpcHRpb246ICJWU0ZUUEQgc3VwcG9ydCA6IGxvZ3MgYW5kIGJydXRlLWZvcmNlIHNjZW5hcmlvcyIKYXV0aG9yOiBjcm93ZHNlY3VyaXR5CnRhZ3M6CiAgLSBsaW51eAogIC0gZnRwCiAgLSBicnV0ZWZvcmNlCg==", ++++ "description": "VSFTPD support : logs and brute-force scenarios", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "parsers": [ ++++ "crowdsecurity/vsftpd-logs" ++++ ], ++++ "scenarios": [ ++++ "crowdsecurity/vsftpd-bf" ++++ ] ++++ }, ++++ "crowdsecurity/whitelist-good-actors": { ++++ "path": "collections/crowdsecurity/whitelist-good-actors.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "70f9b1723423de3918bfa3f33fa9c266da71c897b6173ff21e2fb73f9a24245e", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIHRvIHdoaXRlbGlzdCBhbGwgZ29vZCBhY3RvcnMgOgogLSByZG5zIHRvIHVzZSBpdCBpbiB3aGl0ZWxpc3RzIHRoYXQgbmVlZCByZG5zCiAtIHJkbnMgb2YgYWxsIGdvb2Qgc2VhcmNoIGVuZ2luZSBjcmF3bGVycyAoZ29vZ2xlYm90LCBiaW5nIGV0Yy4uLikKIC0gdHJ1c3RlZCBwYXJ0bmVycyBsaWtlIGNsb3VkZmxhcmU=", ++++ "content": "cG9zdG92ZXJmbG93czoKICAtIGNyb3dkc2VjdXJpdHkvc2VvLWJvdHMtd2hpdGVsaXN0CiAgLSBjcm93ZHNlY3VyaXR5L2Nkbi13aGl0ZWxpc3QKICAtIGNyb3dkc2VjdXJpdHkvcmRucwpkZXNjcmlwdGlvbjogIkdvb2QgYWN0b3JzIHdoaXRlbGlzdHMiCmF1dGhvcjogY3Jvd2RzZWN1cml0eQp0YWdzOgogIC0gd2hpdGVsaXN0CiAgLSBib3RzCiAgLSBwYXJ0bmVycwo=", ++++ "description": "Good actors whitelists", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "postoverflows": [ ++++ "crowdsecurity/seo-bots-whitelist", ++++ "crowdsecurity/cdn-whitelist", ++++ "crowdsecurity/rdns" ++++ ] ++++ }, ++++ "crowdsecurity/wordpress": { ++++ "path": "collections/crowdsecurity/wordpress.yaml", ++++ "version": "0.1", ++++ "versions": 
{ ++++ "0.1": { ++++ "digest": "14f428b1d171a092d703478a891db27aaf83a3f6ba99199a3be4a64d193d718d", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBjb2xsZWN0aW9uIHRvIGRlZmVuZCB3b3JkcHJlc3MgYWdhaW5zdCBicnV0ZWZvcmNlIDoKIC0gd3AtbG9naW4ucGhwIGJydXRlZm9yY2UgZGV0ZWN0aW9uCg==", ++++ "content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWJmLXdvcmRwcmVzc19iZgpkZXNjcmlwdGlvbjogIndvcmRwcmVzcyA6IGJydXRlZm9yY2UgZGV0ZWN0aW9uIgphdXRob3I6IGNyb3dkc2VjdXJpdHkKdGFnczoKICAtIGxpbnV4CiAgLSB3b3JkcHJlc3MKICAtIGJydXRlZm9yY2UKCg==", ++++ "description": "wordpress : bruteforce detection", ++++ "author": "crowdsecurity", ++++ "labels": null, ++++ "scenarios": [ ++++ "crowdsecurity/http-bf-wordpress_bf" ++++ ] ++++ } ++++ }, ++++ "parsers": { ++++ "crowdsecurity/apache2-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/apache2-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.4", ++++ "versions": { ++++ "0.1": { ++++ "digest": "405a1eacb736240024a1302fb7a95184bd1dbb4205c9746877b01aa74aff602f", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "911be04b02a2aef5052020087b0941c9a646a0ad6213cb34d541d35c5c10fba1", ++++ "deprecated": false ++++ }, ++++ "0.3": { ++++ "digest": "2acd7b53dd7ac9765246dbcc539395ad89942a5b48f3cab6b1489cb6c9fe1360", ++++ "deprecated": false ++++ }, ++++ "0.4": { ++++ "digest": "63c47a8b0740d05e15a84640c44cdbc7b96907deae4650dcdb61329d37bcf9e8", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "VGhpcyBhcGFjaGUyIHBhcnNlciBzdXBwb3J0IGFjY2VzcyBhbmQgZXJyb3IgbG9ncyBpbiB0aGUgSFRUUEQgQ09NQklORUQgTE9HIHN0YW5kYXJkIGZvcm1hdC4KCipub3RlIDogKiBJZiB5b3UgYXJlIGFnZ3JlZ2F0aW5nIGxvZ3MgZnJvbSBzZXZlcmFsIGRvbWFpbnMsIHByZWZpeCB5b3VyIGxvZ2xpbmUgd2l0aCB0aGUgdGFyZ2V0IEZRRE4uIEhUVFAgYmFzZWQgc2NlbmFyaW9zIHNob3VsZCB0YWtlIHRoaXMgaW50byBhY2NvdW50IHNvIHRoYXQgYnVja2V0cyBhcmUgX3Blcl8gc291cmNlIElQIHBlciB0YXJnZXQgRlFETiwgbGltaXRpbmcgZmFsc2UgcG9zaXRpdmVzIGR1ZSB0byBsb2dzIG11bHRpcGxleGluZy4K", ++++ "content": 
"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", ++++ "description": "Parse Apache2 access and error logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/cowrie-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/cowrie-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "4ebcf38bef1106ba94ccf6aa575958695de12fa1278b25dddb76cfdce93b553b", ++++ "deprecated": false ++++ } ++++ }, ++++ "content": "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", ++++ "description": "Parse cowrie honeypots logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/dateparse-enrich": { ++++ "path": "parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml", ++++ "stage": "s02-enrich", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "16b79f7ef39d0c5e71180cff559b0e2ef98983f2009b5f26d778509e897f94d4", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "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", ++++ "content": "ZmlsdGVyOiAiZXZ0LlN0clRpbWUgIT0gJyciCm5hbWU6IGNyb3dkc2VjdXJpdHkvZGF0ZXBhcnNlLWVucmljaAojZGVidWc6IHRydWUKI2l0J3MgYSBoYWNrIGxvbApzdGF0aWNzOgogIC0gbWV0aG9kOiBQYXJzZURhdGUKICAgIGV4cHJlc3Npb246IGV2dC5TdHJUaW1lCiAgLSB0YXJnZXQ6IE1hcnNoYWxlZFRpbWUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5NYXJzaGFsZWRUaW1l", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/dovecot-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/dovecot-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "3d30684b5d1ceea08ea743a2fa1697178d878bd87eb55e465432c000da162b42", ++++ "deprecated": false ++++ } ++++ }, ++++ "content": 
"I2NvbnRyaWJ1dGlvbiBieSBAbHRzaWNoCm9uc3VjY2VzczogbmV4dF9zdGFnZQpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdkb3ZlY290JyIKbmFtZTogY3Jvd2RzZWN1cml0eS9kb3ZlY290LWxvZ3MKZGVzY3JpcHRpb246ICJQYXJzZSBkb3ZlY290IGxvZ3MiCmdyb2s6CiAgcGF0dGVybjogIiV7V09SRDpwcm90b2NvbH0tbG9naW46ICV7REFUQTpkb3ZlY290X2xvZ2luX3Jlc3VsdH06IHVzZXI9PCV7REFUQTpkb3ZlY290X3VzZXJ9Pi4qLCByaXA9JXtJUDpkb3ZlY290X3JlbW90ZV9pcH0sIGxpcD0le0lQOmRvdmVjb3RfbG9jYWxfaXB9IgogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBkb3ZlY290X2xvZ3MKICAgIC0gbWV0YTogc291cmNlX2lwCiAgICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLmRvdmVjb3RfcmVtb3RlX2lwIgo=", ++++ "description": "Parse dovecot logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/geoip-enrich": { ++++ "path": "parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml", ++++ "stage": "s02-enrich", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "c0718adfc71ad462ad90485ad5c490e5de0e54d8af425bff552994e114443ab6", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "ab327e6044a32de7d2f3780cbc8e0c4af0c11716f353023d2dc7b986571bb765", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "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", ++++ "content": 
"ZmlsdGVyOiAiJ3NvdXJjZV9pcCcgaW4gZXZ0Lk1ldGEiCm5hbWU6IGNyb3dkc2VjdXJpdHkvZ2VvaXAtZW5yaWNoCmRlc2NyaXB0aW9uOiAiUG9wdWxhdGUgZXZlbnQgd2l0aCBnZW9sb2MgaW5mbyA6IGFzLCBjb3VudHJ5LCBjb29yZHMsIHNvdXJjZSByYW5nZS4iCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL2Nyb3dkc2VjLXN0YXRpY3MtYXNzZXRzLnMzLWV1LXdlc3QtMS5hbWF6b25hd3MuY29tL0dlb0xpdGUyLUNpdHkubW1kYgogICAgZGVzdF9maWxlOiBHZW9MaXRlMi1DaXR5Lm1tZGIKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vY3Jvd2RzZWMtc3RhdGljcy1hc3NldHMuczMtZXUtd2VzdC0xLmFtYXpvbmF3cy5jb20vR2VvTGl0ZTItQVNOLm1tZGIKICAgIGRlc3RfZmlsZTogR2VvTGl0ZTItQVNOLm1tZGIKc3RhdGljczoKICAtIG1ldGhvZDogR2VvSXBDaXR5CiAgICBleHByZXNzaW9uOiBldnQuTWV0YS5zb3VyY2VfaXAKICAtIG1ldGE6IElzb0NvZGUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc29Db2RlCiAgLSBtZXRhOiBJc0luRVUKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Jc0luRVUKICAtIG1ldGE6IEdlb0Nvb3JkcwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkdlb0Nvb3JkcwogIC0gbWV0aG9kOiBHZW9JcEFTTgogICAgZXhwcmVzc2lvbjogZXZ0Lk1ldGEuc291cmNlX2lwCiAgLSBtZXRhOiBBU05OdW1iZXIKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5BU05OdW1iZXIKICAtIG1ldGE6IEFTTk9yZwogICAgZXhwcmVzc2lvbjogZXZ0LkVucmljaGVkLkFTTk9yZwogIC0gbWV0aG9kOiBJcFRvUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5NZXRhLnNvdXJjZV9pcAogIC0gbWV0YTogU291cmNlUmFuZ2UKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5Tb3VyY2VSYW5nZQo=", ++++ "description": "Populate event with geoloc info : as, country, coords, source range.", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/http-logs": { ++++ "path": "parsers/s02-enrich/crowdsecurity/http-logs.yaml", ++++ "stage": "s02-enrich", ++++ "version": "0.5", ++++ "versions": { ++++ "0.1": { ++++ "digest": "d11c01b85927959d1619735c6ac09f260008211edcbf496db0d01b0bd93c5be2", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "1274d4a8afd04f96fa0adb03f661ba4a7771cd0be84cf33d1b405881d07c5f0e", ++++ "deprecated": false ++++ }, ++++ "0.3": { ++++ "digest": "26d3a09d652bd0024ceb1b51a864183367d7391fa33c87db5274c1e47c072999", ++++ "deprecated": false ++++ }, ++++ "0.4": { ++++ "digest": 
"ba77a9a5e6b979b9e8d327946aea0a42eed1f035766b80aab2c2a43fb7cf3c13", ++++ "deprecated": false ++++ }, ++++ "0.5": { ++++ "digest": "132938d05f1af484c29088b588aaa86a329a2e677842e17c255295fb47532990", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "VGhpcyBwYXJzZXIgaXMgYSBnZW5lcmljIHBvc3QtcGFyc2luZyBodHRwIHJlLXBhcnNlciBhbmQgcHJvZmlkZXMgbW9yZSBkZXRhaWxlZCBpbmZvcm1hdGlvbiBzdWNoIGFzIDoKIC0gc3RhdGljX3Jlc3NvdXJjZSA6IGEgYm9vbGVhbiB0byB0ZWxsIGlmIHRoZSByZXF1ZXN0ZWQgcmVzc291cmNlIGlzIGEgc3RhdGljIGZpbGUKIC0gZmlsZV9uYW1lIDogc2ltcGxlIGZpbGUrZmlsZS1leHRlbnNpb24KIC0gaW1wYWN0X2NvbXBsZXRpb24gOiBhIGJvb2xlYW4gZmxhZyBpbmRpY2F0aW5nIGlmIHRoZSByZXF1ZXN0IHN1Y2NlZWRlZCAoYmFzZWQgb24gdGhlIGh0dHAgcmVzcG9uc2UgY29kZSkK", ++++ "content": "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", ++++ "description": "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/iptables-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/iptables-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "00076ea5d8fa862aeb6bb48890d84d9e2763bfc332a635eab884c0a3069fcccd", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBwYXJzZXIgZm9yIGlwdGFibGVzIGAtaiBMT0dgIGxvZ3MuCgpBbGwgbG9nZ2VkIHBhY2tldHMgYXJlIGNvbnNpZGVyZWQgYXMgRFJPUHMuCgpUbyBtYWtlIHRoaXMgcGFyc2VyIHJlbGV2YW50LCB5b3Ugc2hvdWxkIGhhdmUgYSBgaXB0YWJsZXMgLUEgSU5QVVQgIC1tIHN0YXRlIC0tc3RhdGUgTkVXIC1qIExPR2Agb3Igc2ltaWxhciBpbnRvIHlvdXIgY29uZmlndXJhdGlvbi4gVGhpcyBvbmUgd2lsbCBsb2cgYWxsIG5ldyBjb25uZWN0aW9ucywgc3VjY2Vzc2Z1bCBvciBub3QuCgo=", ++++ "content": 
"b25zdWNjZXNzOiBuZXh0X3N0YWdlCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuUGFyc2VkLnByb2dyYW0gPT0gJ2tlcm5lbCciCm5hbWU6IGNyb3dkc2VjdXJpdHkvaXB0YWJsZXMtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIGlwdGFibGVzIGRyb3AgbG9ncyIKZ3JvazoKICBwYXR0ZXJuOiBcWyV7REFUQX1cXSsuKigle1dPUkQ6YWN0aW9ufSk/IElOPSV7V09SRDppbnRfZXRofSBPVVQ9IE1BQz0le0lQfTole01BQ30gU1JDPSV7SVA6c3JjX2lwfSBEU1Q9JXtJUDpkc3RfaXB9IExFTj0le0lOVDpsZW5ndGh9LipQUk9UTz0le1dPUkQ6cHJvdG99IFNQVD0le0lOVDpzcmNfcG9ydH0gRFBUPSV7SU5UOmRzdF9wb3J0fS4qCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAgIC0gbWV0YTogc2VydmljZQogICAgICB2YWx1ZTogdGNwCiAgICAtIG1ldGE6IGxvZ190eXBlCiAgICAgIHZhbHVlOiBpcHRhYmxlc19kcm9wCiAgICAtIG1ldGE6IHNvdXJjZV9pcAogICAgICBleHByZXNzaW9uOiAiZXZ0LlBhcnNlZC5zcmNfaXAiCiAg", ++++ "description": "Parse iptables drop logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/modsecurity": { ++++ "path": "parsers/s01-parse/crowdsecurity/modsecurity.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "8db1b74ef6681ebe8e9fcc09ed271830a330f3aa5dd3e273a98b3906c334f715", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "VGhpcyBtb2RzZWN1cml0eSBwYXJzZXIgc3VwcG9ydCBtb2RzZWN1cml0eSBsb2dzIGZyb20gYXBhY2hlMiBlcnJvciBsb2cuCgooTm90IHRlc3RlZCB3aXRoIE5naW54IHlldCkuIA==", ++++ "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogZXZ0LlBhcnNlZC5wcm9ncmFtID09ICdtb2RzZWN1cml0eScKbmFtZTogY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQojZGVidWc6IHRydWUKZGVzY3JpcHRpb246IEEgcGFyc2VyIGZvciBtb2RzZWN1cml0eSBXQUYKZ3JvazoKICBuYW1lOiBNT0RTRUNBUEFDSEVFUlJPUgogIGFwcGx5X29uOiBtZXNzYWdlCnN0YXRpY3M6CiAgLSBtZXRhOiBsb2dfdHlwZQogICAgdmFsdWU6IG1vZHNlY3VyaXR5CiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246IGV2dC5QYXJzZWQuc291cmNlaG9zdAo=", ++++ "description": "A parser for modsecurity WAF", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/mysql-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/mysql-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", 
++++ "versions": { ++++ "0.1": { ++++ "digest": "9ad9acb6f2c62c6d38c8b662a22af412f6bb0d73f14197b5136cc2c777a3865b", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "TXlzcWwgYXV0aGVudGljYXRpb24gZmFpbCBwYXJzZXIuCg==", ++++ "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvbXlzcWwtbG9ncwpkZXNjcmlwdGlvbjogIlBhcnNlIE15U1FMIGxvZ3MiCmZpbHRlcjogImV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbXlzcWwnIgpncm9rOgogIG5hbWU6ICJNWVNRTF9BVVRIX0ZBSUwiCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIG1ldGE6IGxvZ190eXBlCiAgICB2YWx1ZTogbXlzcWxfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuc291cmNlX2lwIgogIC0gbWV0YTogdXNlcgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciI=", ++++ "description": "Parse MySQL logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/naxsi-logs": { ++++ "path": "parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml", ++++ "stage": "s02-enrich", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "c8b9f9ffdc82619cfc9ef10be9ba18513f702688d86d5c48a5cffb525499a8f0", ++++ "deprecated": false ++++ } ++++ }, ++++ "content": "I2xldCdzIHRyeSB0byBwb3N0LXByb2Nlc3MgbmdpbnggZXJyb3IgbG9nIHRvIGhhdmUgbmF4c2kgcGF0dGVybgpmaWx0ZXI6ICJldnQuTWV0YS5sb2dfdHlwZSA9PSAnaHR0cF9lcnJvci1sb2cnICYmIGV2dC5QYXJzZWQucHJvZ3JhbSA9PSAnbmdpbngnIgpkZXNjcmlwdGlvbjogIkVucmljaCBsb2dzIGlmIGl0cyBmcm9tIE5BWFNJIgpuYW1lOiBjcm93ZHNlY3VyaXR5L25heHNpLWxvZ3MKZ3JvazoKICBuYW1lOiAiTkFYU0lfRVhMT0ciCiAgYXBwbHlfb246IG1lc3NhZ2UKc3RhdGljczoKICAtIHRhcmdldDogZXZ0Lk1ldGEubG9nX3R5cGUKICAgIHZhbHVlOiB3YWZfbmF4c2ktbG9nCiAgLSBtZXRhOiBzb3VyY2VfaXAKICAgIGV4cHJlc3Npb246ICJldnQuUGFyc2VkLm5heHNpX3NyY19pcCIKICAtIG1ldGE6IGh0dHBfcGF0aAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaHR0cF9wYXRoIgogIC0gbWV0YTogZGVzdF9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudGFyZ2V0X2lwIg==", ++++ "description": "Enrich logs if its from NAXSI", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/nginx-logs": { ++++ "path": 
"parsers/s01-parse/crowdsecurity/nginx-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "60ba29ab5a5a49214664344b57403fab932e70bb1493203e83dc7df4f66b2059", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "eae9b00d93c9e86f4b909bf0b0ce7dee821834702bc99c29213ebeca86054367", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBnZW5lcmljIHBhcnNlciBmb3IgbmdpbngsIHN1cHBvcnQgYm90aCBhY2Nlc3MgYW5kIGVycm9yIGxvZ3MuCgoKKm5vdGUgOiAqIElmIHlvdSBhcmUgYWdncmVnYXRpbmcgbG9ncyBmcm9tIHNldmVyYWwgZG9tYWlucywgcHJlZml4IHlvdXIgbG9nbGluZSB3aXRoIHRoZSB0YXJnZXQgRlFETi4gSFRUUCBiYXNlZCBzY2VuYXJpb3Mgc2hvdWxkIHRha2UgdGhpcyBpbnRvIGFjY291bnQgc28gdGhhdCBidWNrZXRzIGFyZSBfcGVyXyBzb3VyY2UgSVAgcGVyIHRhcmdldCBGUUROLCBsaW1pdGluZyBmYWxzZSBwb3NpdGl2ZXMgZHVlIHRvIGxvZ3MgbXVsdGlwbGV4aW5nLgoK", ++++ "content": "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", ++++ "description": "Parse nginx access and error logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/postfix-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/postfix-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "da6b8ecae70e951905697c92fc0c198c2148041bf96e33658d485818c37d7414", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "7338524c5cd363792ee2b8edd488ee6e855b925e073ad659ae2c1b9fb1f4afdf", ++++ "deprecated": false ++++ } ++++ }, ++++ "content": "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", ++++ "description": "Parse postfix logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/postscreen-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/postscreen-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "5ee035d47824573e19f9a1d378d8882cf3efa72f6443e2243f915d6b38b4b957", ++++ "deprecated": false ++++ } ++++ }, ++++ "content": 
"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", ++++ "description": "Parse postscreen logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/smb-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/smb-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "a68bdf79455bda0a84ffaa109752b682266ea0e050d04c260a965a0dbac0fb27", ++++ "deprecated": false ++++ } ++++ }, ++++ "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCm5hbWU6IGNyb3dkc2VjdXJpdHkvc21iLWxvZ3MKZmlsdGVyOiBldnQuUGFyc2VkLnByb2dyYW0gPT0gJ3NtYicKZGVzY3JpcHRpb246ICJQYXJzZSBTTUIgbG9ncyIKZ3JvazoKICBuYW1lOiAiU01CX0FVVEhfRkFJTCIKICBhcHBseV9vbjogbWVzc2FnZQpzdGF0aWNzOgogIC0gbWV0YTogbG9nX3R5cGUKICAgIHZhbHVlOiBzbWJfZmFpbGVkX2F1dGgKICAtIG1ldGE6IHNvdXJjZV9pcAogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQuaXBfc291cmNlIgogIC0gbWV0YTogdXNlcgogICAgZXhwcmVzc2lvbjogImV2dC5QYXJzZWQudXNlciI=", ++++ "description": "Parse SMB logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/sshd-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/sshd-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "ecd40cb8cd95e2bad398824ab67b479362cdbf0e1598b8833e2f537ae3ce2f93", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "WW91ciBvbmUgZml0cy1hbGwgc3NoIHBhcnNlciB3aXRoIHN1cHBvcnQgZm9yIHRoZSBtb3N0IGNvbW1vbiBraW5kIG9mIGZhaWxlZCBhdXRoZW50aWNhdGlvbnMgYW5kIGVycm9ycy4KCg==", ++++ "content": "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", ++++ "description": "Parse openSSH logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/syslog-logs": { ++++ "path": "parsers/s00-raw/crowdsecurity/syslog-logs.yaml", ++++ "stage": "s00-raw", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "44e8cfbf528dcd70c6cc329df1b963f6861668796c706cc79050b0907a85540e", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": 
"IyBTeXNsb2cgcGFyc2VyCgpUaGlzIGlzIGEgZ2VuZXJpYyBsaW51eCBzeXNsb2cgcGFyc2VyIHdpdGggdGltZS1zdXBwb3J0LgpUaGlzIG9uZSBvZnRlbiB3b3JrcyBhbG9uZyBgY3Jvd2RzZWN1cml0eS9za2lwLXByZXRhZ2AKCg==", ++++ "content": "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", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/tcpdump-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "e51892c14d137cc4f12d2203c851a953e743f262561c48ff6108bd4222fff254", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "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", ++++ "content": "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", ++++ "description": "Parse tcpdump raw logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/vsftpd-logs": { ++++ "path": "parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml", ++++ "stage": "s01-parse", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "39d986c6005d2b96b8941a71ee81c4af35bd22b1094685a8b7f7fbc00e1b4f7f", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "RlRQIChbdnNmdHBkXShodHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9Wc2Z0cGQpKSBhdXRoZW50aWNhdGlvbiBmYWlsIHBhcnNlci4=", ++++ "content": "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", ++++ "description": "Parse VSFTPD logs", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/whitelists": { ++++ "path": "parsers/s02-enrich/crowdsecurity/whitelists.yaml", ++++ "stage": "s02-enrich", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "f51f41270a7ff9900d9c815beccc3ded36a1c377a6e21dd19f9d8209623789b1", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QSBnZW5lcmljIHdoaXRlbGlzdCB0byBhdm9pZCBiYW5uaW5nIHlvdXJzZWxmLCB3aGl0ZWxpc3RlZCByYW5nZXMgOgoxOTIuMTY4LjAuMC8xNiwgMTAuMC4wLjAvOCwgMTcyLjE2LjAuMC8xMgo=", ++++ 
"content": "bmFtZTogY3Jvd2RzZWN1cml0eS93aGl0ZWxpc3RzCmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IGV2ZW50cyBmcm9tIHByaXZhdGUgaXB2NCBhZGRyZXNzZXMiCndoaXRlbGlzdDoKICByZWFzb246ICJwcml2YXRlIGlwdjQgcmFuZ2VzIgogIGlwOiAKICAgIC0gIjEyNy4wLjAuMSIKICBjaWRyOgogICAgLSAiMTkyLjE2OC4wLjAvMTYiCiAgICAtICIxMC4wLjAuMC84IgogICAgLSAiMTcyLjE2LjAuMC8xMiIKICAjIGV4cHJlc3Npb246CiAgIyAgIC0gIidmb28uY29tJyBpbiBldnQuTWV0YS5zb3VyY2VfaXAucmV2ZXJzZSIgCgo=", ++++ "description": "Whitelist events from private ipv4 addresses", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ } ++++ }, ++++ "postoverflows": { ++++ "crowdsecurity/cdn-whitelist": { ++++ "path": "postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml", ++++ "stage": "s01-whitelist", ++++ "version": "0.3", ++++ "versions": { ++++ "0.1": { ++++ "digest": "d1cb42fbe9f3bb37f3cfa77ef5c60ec0b17dc3703bffb0d422dc6fe9cc0eb9f5", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "7fb5b1474067c22192cf12effb7d508e316c130900cb00c108c0467d18d9d2c0", ++++ "deprecated": false ++++ }, ++++ "0.3": { ++++ "digest": "63c933b81052c7776deb607ed7c115b89e59a88908123e04573853201122a45a", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "IyBDRE5zIHdoaXRlbGlzdAoKQ0ROcyB3aGl0ZWxpc3QgYmFzZWQgb24gZm9sbG93aW5nIGxpc3RzOgoqIGh0dHBzOi8vd3d3LmNsb3VkZmxhcmUuY29tL2lwcy12NAoKSXQgd2lsbCB3aGl0ZWxpc3Qgb3ZlcmZsb3dzIHRyaWdnZXJlZCBvbiBhbiBJUCBpbiB0aG9zZSBsaXN0cw==", ++++ "content": "bmFtZTogY3Jvd2RzZWN1cml0eS9jZG4td2hpdGVsaXN0CmRlc2NyaXB0aW9uOiAiV2hpdGVsaXN0IENETiBwcm92aWRlcnMiCndoaXRlbGlzdDoKICByZWFzb246ICJDRE4gcHJvdmlkZXIiCiAgZXhwcmVzc2lvbjogCiAgICAtICJhbnkoRmlsZSgnY2xvdWRmbGFyZV9pcHMudHh0JyksIHsgSXBJblJhbmdlKGV2dC5PdmVyZmxvdy5BbGVydC5Tb3VyY2UuSVAgLCMpfSkiCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3d3dy5jbG91ZGZsYXJlLmNvbS9pcHMtdjQKICAgIGRlc3RfZmlsZTogY2xvdWRmbGFyZV9pcHMudHh0CiAgICB0eXBlOiBzdHJpbmcK", ++++ "description": "Whitelist CDN providers", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/rdns": { ++++ "path": 
"postoverflows/s00-enrich/crowdsecurity/rdns.yaml", ++++ "stage": "s00-enrich", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "796da42b262fe6574d78a7c7f95f73876d30a07751679a43afd018fc272e490a", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "2b174b379f05edb3aa298b7037f6a85cde06b45893e4152492a51757408d517b", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "IyBSZG5zIGVucmljaGVyCgpUaGlzIHdpbGwgdXNlIGByZXZlcnNlX2Ruc2AgbWV0aG9kIHRvIGVucmljaCBlbiBldmVudCB3aXRoIHRoZSByZXZlcnNlIGRucyBvZiB0aGUgSVAgaWYgaXQgZXhpc3RzLg==", ++++ "content": "b25zdWNjZXNzOiBuZXh0X3N0YWdlCmZpbHRlcjogImV2dC5PdmVyZmxvdy5BbGVydC5SZW1lZGlhdGlvbiA9PSB0cnVlIgpuYW1lOiBjcm93ZHNlY3VyaXR5L3JkbnMKZGVzY3JpcHRpb246ICJMb29rdXAgdGhlIEROUyBhc3NvY2lhdGVkIHRvIHRoZSBzb3VyY2UgSVAgb25seSBmb3Igb3ZlcmZsb3dzIgpzdGF0aWNzOgogIC0gbWV0aG9kOiByZXZlcnNlX2RucwogICAgZXhwcmVzc2lvbjogZXZ0Lk92ZXJmbG93LkFsZXJ0LlNvdXJjZS5JUAogIC0gbWV0YTogcmV2ZXJzZV9kbnMKICAgIGV4cHJlc3Npb246IGV2dC5FbnJpY2hlZC5yZXZlcnNlX2Rucwo=", ++++ "description": "Lookup the DNS associated to the source IP only for overflows", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ }, ++++ "crowdsecurity/seo-bots-whitelist": { ++++ "path": "postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml", ++++ "stage": "s01-whitelist", ++++ "version": "0.4", ++++ "versions": { ++++ "0.1": { ++++ "digest": "6df83947191a61ab73a87fccb3c285563bd9c4b3ef8027558d3510d262776ebe", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "71eccc355bf181addcb1b5681c5fa99e087b23cbd8fed40ade7ff8a3b07488ef", ++++ "deprecated": false ++++ }, ++++ "0.3": { ++++ "digest": "43968bb27b6f8cb8420bdcfa997627bce5f19e62fb96299af8c0e1e767ff0582", ++++ "deprecated": false ++++ }, ++++ "0.4": { ++++ "digest": "f48b0841cc4cf03fe16f118ea1b5d64f4c1eb07cbacf4647bb0e871b4fd71f8c", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": 
"IyBTRU8gQm90cyBXaGl0ZWxpc3QKCkNvbmZpZ3VyYXRpb24gYmFzZWQgb24gYGNyb3dkc2VjdXJpdHkvcmRuc2AgdG8gd2hpdGVsaXN0IGZvbGxvd2luZyBiZW5pZ24gU0VPIGJvdHM6CiogZHVja2R1Y2tCb3QKKiBnb29nbGVib3QKKiB5YW5kZXgKKiBiaW5nCiogYmFpZHUKKiB5YWhvbwoqIHBpbnRlcmVzdAoqIHF3YW50Cg==", ++++ "content": "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", ++++ "description": "Whitelist good search engine crawlers", ++++ "author": "crowdsecurity", ++++ "labels": null ++++ } ++++ }, ++++ "scenarios": { ++++ "crowdsecurity/ban-defcon-drop_range": { ++++ "path": "scenarios/crowdsecurity/ban-defcon-drop_range.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "da839847a4a67c1787ea5185e2b25e1e26710ac3b12e7c179a9bdda8a99b2009", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "e1068cba1ce38cc0c3b82b195e91b560e8675ae789c451bbef5c5b4aff1aff02", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QmFucyBhIHJhbmdlIGlmIG1vcmUgdGhhbiA1IGlwcyBmcm9tIHNhaWQgcmFuZ2UgYXJlIGJhbm5lZC4KCkxlYWtzcGVlZCBvZiAxIG1pbnV0ZSwgY2FwYWNpdHkgb2YgNS4K", ++++ "content": "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", ++++ "description": "Ban a range if more than 5 ips from it are banned at a time", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true" ++++ } ++++ }, ++++ "crowdsecurity/ban-report-ssh_bf_report": { ++++ "path": "scenarios/crowdsecurity/ban-report-ssh_bf_report.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "0a7bc501a12b4a8aff250d95d3a08dd0f53ad9eb874ac523ba9c628302749c4d", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "34d80ea3e271c1c1735e55076610063b137a2311a11d51fecff93715b9a4ac39", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "Q291bnQgdGhlIG51bWJlciBvZiB1bmlxdWUgaXBzIHRoYXQgcGVyZm9ybWVkIHNzaF9icnV0ZWZvcmNlcywgcmVwb3J0IGV2ZXJ5IDEwIG1pbnV0ZXMuCg==", ++++ "content": 
"dHlwZTogY291bnRlcgpuYW1lOiBjcm93ZHNlY3VyaXR5L2Jhbi1yZXBvcnRzLXNzaF9iZl9yZXBvcnQKZGVzY3JpcHRpb246ICJDb3VudCB1bmlxdWUgaXBzIHBlcmZvcm1pbmcgc3NoIGJydXRlZm9yY2UiCiNkZWJ1ZzogdHJ1ZQpmaWx0ZXI6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU2NlbmFyaW8gPT0gJ3NzaF9icnV0ZWZvcmNlJyIKZGlzdGluY3Q6ICJldnQuT3ZlcmZsb3cuQWxlcnQuU291cmNlLklQIgpjYXBhY2l0eTogLTEKZHVyYXRpb246IDEwbQpsYWJlbHM6CiAgc2VydmljZTogc3NoCg==", ++++ "description": "Count unique ips performing ssh bruteforce", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "service": "ssh" ++++ } ++++ }, ++++ "crowdsecurity/dovecot-spam": { ++++ "path": "scenarios/crowdsecurity/dovecot-spam.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "fc1429f0c8d5b1ba20660ac0725fe0b52bb0382efa746e9bd962d80bdf7c9310", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "U3BhbSBkZXRlY3Rpb24gZm9yIGRvdmVjb3QgKGNhcGFjaXR5IG9mIDMgYW5kIGxlYWtzcGVlZCBvZiAzNjBzKQoKLSBhbGxvd3MgZmFpbCBhdXRoZW50aWNhdGlvbiBhdHRlbXB0IGV2ZXJ5IDYgbWludXRlcyB3aXRoIGEgYnVyc3Qgb2YgMwoKPiBDb250cmlidXRpb24gYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", ++++ "content": "I2NvbnRyaWJ1dGlvbiBieSBAbHRzaWNoCnR5cGU6IGxlYWt5Cm5hbWU6IGNyb3dkc2VjdXJpdHkvZG92ZWNvdC1zcGFtCmRlc2NyaXB0aW9uOiAiZGV0ZWN0IGVycm9ycyBvbiBkb3ZlY290IgpkZWJ1ZzogZmFsc2UKIyByZXF1ZXN0IHdpdGggbG9naW4gIT0gTG9naW4KZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2RvdmVjb3RfbG9ncycgJiYgZXZ0LlBhcnNlZC5kb3ZlY290X2xvZ2luX3Jlc3VsdCAhPSAnTG9naW4nIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDMKbGVha3NwZWVkOiAiMzYwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBzY2FuCiByZW1lZGlhdGlvbjogdHJ1ZQo=", ++++ "description": "detect errors on dovecot", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "scan" ++++ } ++++ }, ++++ "crowdsecurity/http-backdoors-attempts": { ++++ "path": "scenarios/crowdsecurity/http-backdoors-attempts.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": 
"2eaba549ef284a36349482aa803b201fa8dcbff0f4d1ab2c5127d6b29806bba1", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "388ec8c8f0679601bafa27fdf57fd414312bb2110bff56ef583bb505a1866d8b", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "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", ++++ "content": "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", ++++ "description": "Detect attempt to common backdoors", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "discovery" ++++ } ++++ }, ++++ "crowdsecurity/http-bad-user-agent": { ++++ "path": "scenarios/crowdsecurity/http-bad-user-agent.yaml", ++++ "version": "0.3", ++++ "versions": { ++++ "0.1": { ++++ "digest": "46e7058419bc3086f2919fb9afad6b2e85f0d4764f74153dd336ed491f99fa08", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "524e2465c1bd817b4d54b37ccb4d2457eec1dad789e21690f51e43469545f426", ++++ "deprecated": false ++++ }, ++++ "0.3": { ++++ "digest": "d3cae6c40fadd16693e449b4eb7a030586c8f1a9d9dd33c97001c9dc717c68f2", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "IyBLbm93biBiYWQgdXNlci1hZ2VudHMKCkRldGVjdCBrbm93biBiYWQgdXNlci1hZ2VudHMuCgpCYW5zIGFmdGVyIHR3byByZXF1ZXN0cy4KCgoKCgo=", ++++ "content": 
"dHlwZTogbGVha3kKZm9ybWF0OiAyLjAKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1iYWQtdXNlci1hZ2VudApkZXNjcmlwdGlvbjogIkRldGVjdCBiYWQgdXNlci1hZ2VudHMiCmZpbHRlcjogJ2V2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gJiYgYW55KEZpbGUoImJhZF91c2VyX2FnZW50cy50eHQiKSwge2V2dC5QYXJzZWQuaHR0cF91c2VyX2FnZW50IGNvbnRhaW5zICN9KScKZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL2JhZF91c2VyX2FnZW50cy50eHQKICAgIGRlc3RfZmlsZTogYmFkX3VzZXJfYWdlbnRzLnR4dAogICAgdHlwZTogc3RyaW5nCmNhcGFjaXR5OiAxCmxlYWtzcGVlZDogMW0KZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogc2NhbgogIHJlbWVkaWF0aW9uOiB0cnVlCg==", ++++ "description": "Detect bad user-agents", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "type": "scan" ++++ } ++++ }, ++++ "crowdsecurity/http-bf-wordpress_bf": { ++++ "path": "scenarios/crowdsecurity/http-bf-wordpress_bf.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "628d9988c1f2448f4ffa5a72fe8aec6e1c1eedd8c838447630cce653bf31cbd9", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "f4074942f2454ffeae226219e0807c63262413986a5b07fc939f4b0835e7bef2", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "RGV0ZWN0cyBicnV0ZWZvcmNlIG9uIHdvcmRwcmVzcyBsb2dpbiBwYWdlICd3cC1sb2dpbi5waHAnLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgNQoK", ++++ "content": "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", ++++ "description": "detect wordpress bruteforce", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "bruteforce" ++++ } ++++ }, ++++ "crowdsecurity/http-crawl-non_statics": { ++++ "path": "scenarios/crowdsecurity/http-crawl-non_statics.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "86265749b84641e86e7e8ea3c1df53a1cabd1e0e04b6f93853db5d0687913cc7", ++++ "deprecated": false 
++++ }, ++++ "0.2": { ++++ "digest": "41fb957dfc8e2bb4ae76f2a64a5a25e169e5a0e7e53f42c432e84bec933657ca", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "RGV0ZWN0IGNyYXdsIG9uIG5vbi1zdGF0aWMgKGpwZyxjc3MsanMsZXRjLikgaHR0cCBwYWdlcyBmcm9tIGEgc2luZ2xlIGlwLgoKTGVha3NwZWVkIG9mIDAuNXMsIGNhcGFjaXR5IG9mIDQwCg==", ++++ "content": "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", ++++ "description": "Detect aggressive crawl from single ip", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "crawl" ++++ } ++++ }, ++++ "crowdsecurity/http-generic-bf": { ++++ "path": "scenarios/crowdsecurity/http-generic-bf.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "aaaf0209fe77be79d8d61a50e73e5da6807e8f13eb7d9832e705553770f6d376", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "QWxlcnQgd2hlbiBhIHNpbmdsZSBJUCB0aGF0IHRyeSB0byBicnV0ZWZvcmNlIGh0dHAgYmFzaWMgYXV0aC4KCkxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUuCg==", ++++ "content": "IyA0MDQgc2Nhbgp0eXBlOiBsZWFreQojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWdlbmVyaWMtYmYKZGVzY3JpcHRpb246ICJEZXRlY3QgZ2VuZXJpYyBodHRwIGJydXRlIGZvcmNlIgpmaWx0ZXI6ICJldnQuTWV0YS5zZXJ2aWNlID09ICdodHRwJyAmJiBldnQuTWV0YS5zdWJfdHlwZSA9PSAnYXV0aF9mYWlsJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiAxbQpsYWJlbHM6CiBzZXJ2aWNlOiBodHRwCiB0eXBlOiBiZgogcmVtZWRpYXRpb246IHRydWUK", ++++ "description": "Detect generic http brute force", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "bf" ++++ } ++++ }, ++++ "crowdsecurity/http-path-traversal-probing": { ++++ "path": "scenarios/crowdsecurity/http-path-traversal-probing.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "3f00b0aa00448549a0a9635fdd86d8135503078c7087c1f5e4af11d49e7c2ee1", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": 
"b02022230086b96c212913406376584cc431332bb5cd26078dffa44ff9454499", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "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", ++++ "content": "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", ++++ "description": "Detect path traversal attempt", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "scan" ++++ } ++++ }, ++++ "crowdsecurity/http-probing": { ++++ "path": "scenarios/crowdsecurity/http-probing.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "580a3bcbb3756b8da7717c88708305791f39ef17c1e5c3041a1dd54b7293f57a", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "c8bb45b4fb8834ea1dc5cff6439dd272c87d7ee5af4a51e77341ec6edc5d7a25", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "VGFrZSByZW1lZGlhdGlvbiBhZ2FpbnN0IGEgc2luZ2xlIElQIHRoYXQgcmVxdWlyZXMgbXVsdGlwbGUgZGlmZmVyZW50IChodHRwIHBhdGgpIHBhZ2VzIHRoYXQgZW5kIHVwIGluIDQwNC80MDMvNDAwLgoKTGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMTAuCg==", ++++ "content": "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", ++++ "description": "Detect site scanning/probing from a single ip", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "scan" ++++ } ++++ }, ++++ "crowdsecurity/http-sensitive-files": { ++++ "path": "scenarios/crowdsecurity/http-sensitive-files.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "9ed53c09709b6e9f11b52e204c8155e9a6b9db9de25686c6b1909a9c59740c5f", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "3f20d74ee5b040db30743ed189537e8c43e04f8954bb5a02251a3495e7a2a555", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": 
"IyBIVFRQIFNlbnNpdGl2ZSBmaWxlcwoKRGV0ZWN0IHRlbnRhdGl2ZSBvZiBkYW5nZXJvdXMgZmlsZSBzY2FubmluZyBzdWNoIGFzIGxvZ3MgZmlsZSwgZGF0YWJhc2UgYmFja3VwLCB6aXAgYXJjaGl2ZSBldGMgLi4uCgojIyMgUnVsZQpNb3JlIHRoYW4gMyBhY2Nlc3MgdG8gc2Vuc2l0aXZlIGZpbGVzIGluIFt0aGlzIGxpc3RdKGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL3NlbnNpdGl2ZV9kYXRhLnR4dCk=", ++++ "content": "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", ++++ "description": "Detect attempt to access to sensitive files (.log, .db ..) or folders (.git)", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "discovery" ++++ } ++++ }, ++++ "crowdsecurity/http-sqli-probing": { ++++ "path": "scenarios/crowdsecurity/http-sqli-probing.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "f3388a2016f9a7fc48a31a357b21c8e65093b8031fc7b120ee2f020de16be246", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "87683f8a569090e52fbcc6ca2ffe139658950d6a05f9d611fd13e90ab875cdb1", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": 
"VGhlIGh0dHAgc3FsaSBwcm9iaW5nIHNjZW5hcmlvIGFpbXMgYXQgZGV0ZWN0aW5nLCB3aXRoIHZlcnkgbGl0dGxlIGZhbHNlIHBvc2l0aXZlIGNoYW5jZXMsIFNRTCBpbmplY3Rpb24gcHJvYmluZyBhdHRlbXB0cy4KClNRTCBpbmplY3Rpb24gcHJvYmluZyBhdHRlbXB0cyB3aWxsIGJlIGNoYXJhY3Rlcml6ZWQgYnkgdGhlIHByZXNlbmNlIG9mIHNwZWNpZmljIFNRTC1yZWxhdGVkIHBhdHRlcm5zIGluIHVyaS9HRVQgYXJndW1lbnRzIChpZiBhbmQgd2hlbiB0aGlzIGlzIHdoZXJlIHRoZSBpbmplY3RlZCBwYXJhbWV0ZXIgaXMpLCBhbmQgdGhpcyBpcyB3aGF0IHRoaXMgc2NlbmFyaW8gZGV0ZWN0cy4KCgpUaGUgW3dvcmQgbGlzdF0oaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2Nyb3dkc2VjdXJpdHkvc2VjLWxpc3RzL21hc3Rlci93ZWIvc3FsaV9wcm9iZV9wYXR0ZXJucy50eHQpIGlzIHBpY2tlZCBzcGVjaWZpY2FsbHkgdG8gbGltaXQgZmFsc2UgcG9zaXRpdmVzLgpGdXJ0aGVybW9yZSwgYSBgZGlzdGluY3RgIGRpcmVjdGl2ZSBpcyBwcmVzZW50IG9uIHRoZSBnZXQgcGFyYW1ldGVycyB0aGVtc2VsdmVzIHRvIHJlZHVjZSBmYWxzZSBwb3NpdGl2ZSBjaGFuY2VzLgoKWW91IGNhbiB0ZXN0IHRoZSBiZWhhdmlvciBvZiB0aGUgc2NlbmFyaW8gYnkgbGF1bmNoaW5nIHRoZSBleGNlbGxlbnQgW3NxbG1hcF0oaHR0cHM6Ly9zcWxtYXAub3JnKSBvbiBvbmUgb2YgeW91ciBwYWdlcy4KCioqV0FSTklORyoqIFRoaXMgc2NlbmFyaW8gaXMgX25vdF8gYSBXQUYsIGFuZCB0aGlzIHNjZW5hcmlvIGRvZXMgX25vdF8gYWltcyBhdCByZXBsYWNpbmcgYSBXQUYuIEEgbW90aXZhdGVkIGF0dGFja2VyIHdpdGgga25vd2xlZGdlIG9mIGNyb3dkc2VjIHdpbGwgYmUgYWJsZSB0byBieXBhc3MgaXQuIEl0IGlzIG1vc3RseSBtZWFudCB0byBiZSBhIHdheSB0byBkZXRlY3QgZ2VuZXJpYyBTUUwgaW5qZWN0aW9uIHByb2Jpbmcgc3VjaCBhcyBwZXJmb3JtZWQgYnkgb3Blbi1zb3VyY2Ugb3IgY29tbWVyY2lhbCBzY2FubmVycy4KCg==", ++++ "content": 
"dHlwZTogbGVha3kKI3JlcXVpcmVzIGF0IGxlYXN0IDIuMCBiZWNhdXNlIGl0J3MgdXNpbmcgdGhlICdkYXRhJyBzZWN0aW9uIGFuZCB0aGUgJ1VwcGVyJyBleHByIGhlbHBlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAtc3FsaS1wcm9iYmluZy1kZXRlY3Rpb24KZGF0YToKICAtIHNvdXJjZV91cmw6IGh0dHBzOi8vcmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbS9jcm93ZHNlY3VyaXR5L3NlYy1saXN0cy9tYXN0ZXIvd2ViL3NxbGlfcHJvYmVfcGF0dGVybnMudHh0CiAgICBkZXN0X2ZpbGU6IHNxbGlfcHJvYmVfcGF0dGVybnMudHh0CiAgICB0eXBlOiBzdHJpbmcKZGVzY3JpcHRpb246ICJBIHNjZW5hcmlvIHRoYXQgZGV0ZWN0cyBTUUwgaW5qZWN0aW9uIHByb2Jpbmcgd2l0aCBtaW5pbWFsIGZhbHNlIHBvc2l0aXZlcyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydodHRwX2FjY2Vzcy1sb2cnLCAnaHR0cF9lcnJvci1sb2cnXSAmJiBhbnkoRmlsZSgnc3FsaV9wcm9iZV9wYXR0ZXJucy50eHQnKSwge1VwcGVyKGV2dC5QYXJzZWQuaHR0cF9hcmdzKSBjb250YWlucyBVcHBlcigjKX0pIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDEwCmxlYWtzcGVlZDogMXMKYmxhY2tob2xlOiA1bQojbG93IGZhbHNlIHBvc2l0aXZlcyBhcHByb2FjaCA6IHdlIHJlcXVpcmUgZGlzdGluY3QgcGF5bG9hZHMgdG8gYXZvaWQgZmFsc2UgcG9zaXRpdmVzCmRpc3RpbmN0OiBldnQuUGFyc2VkLmh0dHBfYXJncwpsYWJlbHM6CiAgc2VydmljZTogaHR0cAogIHR5cGU6IHNxbGlfcHJvYmluZwogIHJlbWVkaWF0aW9uOiB0cnVlCg==", ++++ "description": "A scenario that detects SQL injection probing with minimal false positives", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "sqli_probing" ++++ } ++++ }, ++++ "crowdsecurity/http-xss-probing": { ++++ "path": "scenarios/crowdsecurity/http-xss-probing.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "8d6f0d6f9dc48f8f5ad561a2cdb315e499539b3575f259e0d6cf5850ef1efc9e", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "1c4d58e1a29cf806a92f67c981532f8a4656312abd05697dcc69b59b757f0076", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "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", ++++ "content": 
"dHlwZTogbGVha3kKI3JlcXVpcmVzIGF0IGxlYXN0IDIuMCBiZWNhdXNlIGl0J3MgdXNpbmcgdGhlICdkYXRhJyBzZWN0aW9uIGFuZCB0aGUgJ1VwcGVyJyBleHByIGhlbHBlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L2h0dHAteHNzLXByb2JiaW5nCmRhdGE6CiAgLSBzb3VyY2VfdXJsOiBodHRwczovL3Jhdy5naXRodWJ1c2VyY29udGVudC5jb20vY3Jvd2RzZWN1cml0eS9zZWMtbGlzdHMvbWFzdGVyL3dlYi94c3NfcHJvYmVfcGF0dGVybnMudHh0CiAgICBkZXN0X2ZpbGU6IHhzc19wcm9iZV9wYXR0ZXJucy50eHQKICAgIHR5cGU6IHN0cmluZwpkZXNjcmlwdGlvbjogIkEgc2NlbmFyaW8gdGhhdCBkZXRlY3RzIFhTUyBwcm9iaW5nIHdpdGggbWluaW1hbCBmYWxzZSBwb3NpdGl2ZXMiCmZpbHRlcjogImV2dC5NZXRhLmxvZ190eXBlIGluIFsnaHR0cF9hY2Nlc3MtbG9nJywgJ2h0dHBfZXJyb3ItbG9nJ10gJiYgYW55KEZpbGUoJ3hzc19wcm9iZV9wYXR0ZXJucy50eHQnKSwge1VwcGVyKGV2dC5QYXJzZWQuaHR0cF9hcmdzKSBjb250YWlucyBVcHBlcigjKX0pIgpncm91cGJ5OiBldnQuTWV0YS5zb3VyY2VfaXAKY2FwYWNpdHk6IDUKbGVha3NwZWVkOiAxcwpibGFja2hvbGU6IDVtCiNsb3cgZmFsc2UgcG9zaXRpdmVzIGFwcHJvYWNoIDogd2UgcmVxdWlyZSBkaXN0aW5jdCBwYXlsb2FkcyB0byBhdm9pZCBmYWxzZSBwb3NpdGl2ZXMKZGlzdGluY3Q6IGV2dC5QYXJzZWQuaHR0cF9hcmdzCmxhYmVsczoKICBzZXJ2aWNlOiBodHRwCiAgdHlwZTogeHNzX3Byb2JpbmcKICByZW1lZGlhdGlvbjogdHJ1ZQo=", ++++ "description": "A scenario that detects XSS probing with minimal false positives", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "xss_probing" ++++ } ++++ }, ++++ "crowdsecurity/iptables-scan-multi_ports": { ++++ "path": "scenarios/crowdsecurity/iptables-scan-multi_ports.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "85bd908ec6efae802035e4553f5dd41e4d5b6b53b2f237dd256533965bd44cd7", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "RGV0ZWN0cyBhIHBvcnQgc2NhbiA6IGRldGVjdHMgaWYgYSBzaW5nbGUgSVAgYXR0ZW1wdHMgY29ubmVjdGlvbiB0byBtYW55IGRpZmZlcmVudCBwb3J0cy4KCkxlYWtzcGVlZCBvZiA1cywgY2FwYWNpdHkgb2YgMTUuCg==", ++++ "content": 
"dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS9pcHRhYmxlcy1zY2FuLW11bHRpX3BvcnRzCmRlc2NyaXB0aW9uOiAiYmFuIElQcyB0aGF0IGFyZSBzY2FubmluZyB1cyIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2lwdGFibGVzX2Ryb3AnICYmIGV2dC5NZXRhLnNlcnZpY2UgPT0gJ3RjcCciCmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApkaXN0aW5jdDogZXZ0LlBhcnNlZC5kc3RfcG9ydApjYXBhY2l0eTogMTUKbGVha3NwZWVkOiA1cwpibGFja2hvbGU6IDFtCmxhYmVsczoKICBzZXJ2aWNlOiB0Y3AKICB0eXBlOiBzY2FuCiAgcmVtZWRpYXRpb246IHRydWUKCg==", ++++ "description": "ban IPs that are scanning us", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "tcp", ++++ "type": "scan" ++++ } ++++ }, ++++ "crowdsecurity/modsecurity": { ++++ "path": "scenarios/crowdsecurity/modsecurity.yaml", ++++ "version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "447c63986f53a743d08fc16677d7f5427ed4b7efca6a0d73c47991d83582e0d0", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "45c2a35d4ee071e66197aa2381b0c066a18d17fe6b8aee7b0e83efb21512cdbc", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "VGFrZSBhIHJlbWVkaWF0aW9uIGFnYWluc3QgYW4gSVAgdGhhdCB0cmlnZ2VyIGEgbW9kc2VjdXJpdHkgcnVsZSB3aXRoIGEgYENSSVRJQ0FMYCBzZXZlcml0eS4K", ++++ "content": "dHlwZTogdHJpZ2dlcgojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9tb2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIldlYiBleHBsb2l0YXRpb24gdmlhIG1vZHNlY3VyaXR5IgpmaWx0ZXI6IGV2dC5QYXJzZWQucnVsZXNldmVyaXR5ID09ICdDUklUSUNBTCcKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogd2ViX2F0dGFjawogIHNlcnZpY2U6IGh0dHAKICByZW1lZGlhdGlvbjogdHJ1ZQogIHNjb3BlOiBpcAo=", ++++ "description": "Web exploitation via modsecurity", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "scope": "ip", ++++ "service": "http", ++++ "type": "web_attack" ++++ } ++++ }, ++++ "crowdsecurity/mysql-bf": { ++++ "path": "scenarios/crowdsecurity/mysql-bf.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "3783ff9de7b6d19697ee121314b20b21b8c765b279a9caacc70d3c75f4ebd455", ++++ 
"deprecated": false ++++ } ++++ }, ++++ "long_description": "RGV0ZWN0IHNldmVhbCBmYWlsZWQgbXlzcWwgYXV0aGVudGljYXRpb25zLgoKbGVha3NwZWVkIG9mIDEwcywgY2FwYWNpdHkgb2YgMwo=", ++++ "content": "IyBteXNxbCBicnV0ZWZvcmNlCnR5cGU6IGxlYWt5CiNkZWJ1ZzogdHJ1ZQpuYW1lOiBjcm93ZHNlY3VyaXR5L215c3FsLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG15c3FsIGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ215c3FsX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IG15c3FsCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQo=", ++++ "description": "Detect mysql bruteforce", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "mysql", ++++ "type": "bruteforce" ++++ } ++++ }, ++++ "crowdsecurity/naxsi-exploit-vpatch": { ++++ "path": "scenarios/crowdsecurity/naxsi-exploit-vpatch.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "908ceeb2d7f5607a114a872847df34662e4c80ed07338a55f125a56985f0d095", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "RGV0ZWN0cyBuYXhzaSBibG9ja2VkIHJlcXVlc3RzIG9uIGN1c3RvbSAoPjk5OTkpIHJ1bGVzLgoKVHJpZ2dlcnMgb24gZmlyc3QgcmVxdWVzdC4K", ++++ "content": "IyBuYXhzaSB2cGF0Y2ggcnVsZXMgZGV0ZWN0aW9uCnR5cGU6IHRyaWdnZXIKbmFtZTogY3Jvd2RzZWN1cml0eS9uYXhzaS1leHBsb2l0LXZwYXRjaAojIGlkIGlzIGJpZ2dlciB0aGFuIDlrLCBjdXN0b20gcnVsZQpkZXNjcmlwdGlvbjogIkRldGVjdCBjdXN0b20gYmxhY2tsaXN0IHRyaWdnZXJlZCBpbiBuYXhzaSIKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3dhZl9uYXhzaS1sb2cnICYmIGxlbihldnQuUGFyc2VkLm5heHNpX2lkKSA+IDQiCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK", ++++ "description": "Detect custom blacklist triggered in naxsi", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "scan" ++++ } ++++ }, ++++ "crowdsecurity/postfix-spam": { ++++ "path": "scenarios/crowdsecurity/postfix-spam.yaml", ++++ 
"version": "0.2", ++++ "versions": { ++++ "0.1": { ++++ "digest": "03876677d3fe37bdc9ad584cb015e3f0b648266450b2b494a40e1863d5a64d8a", ++++ "deprecated": false ++++ }, ++++ "0.2": { ++++ "digest": "b36d95dc5ba9cb45c8cbb1a3d37bd19d929ed387f3d7ec386b4e9e041d0bbd8e", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "Q29udGFpbnMgbXVsdGlwbGUgc2NlbmFyaW9zOgoKLSBjcm93ZHNlY3VyaXR5L3Bvc3RmaXgtc3BhbTogcG9zdGZpeCBzY2VuYXJpbyBicnV0ZWZvcmNlIHNwYW0gYXR0ZW1wdCAobGVha3NwZWVkIG9mIDEwcyB3aXRoIGEgY2FwYWNpdHkgb2YgNSkKLSBjcm93ZHNlY3VyaXR5L3Bvc3RzY3JlZW4tcmJsOiBwb3N0c2NyZWVuIHJiIGF0dGVtcHQgYmxhY2tsaXN0IChjYXBhY2l0eSBvZiAwKQoK", ++++ "content": "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", ++++ "description": "Detect spammers", ++++ "author": "crowdsecurity", ++++ "references": [ ++++ "https://en.wikipedia.org/wiki/Spamming" ++++ ], ++++ "labels": { ++++ "remediation": "true", ++++ "service": "postfix", ++++ "type": "bruteforce" ++++ } ++++ }, ++++ "crowdsecurity/smb-bf": { ++++ "path": "scenarios/crowdsecurity/smb-bf.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "ee7fea38f0a67bde1aae3979cf0579da03da5adf4e69826f12a82c74b812e9d6", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "dHJhY2tzIGZhaWxlZCBzYW1iYSBhdXRoZW50aWNhdGlvbnMuCg==", ++++ "content": "IyBzbWIgYnJ1dGVmb3JjZQp0eXBlOiBsZWFreQpuYW1lOiBjcm93ZHNlY3VyaXR5L3NtYi1iZgpkZXNjcmlwdGlvbjogIkRldGVjdCBzbWIgYnJ1dGVmb3JjZSIKZmlsdGVyOiBldnQuTWV0YS5sb2dfdHlwZSA9PSAnc21iX2ZhaWxlZF9hdXRoJwpsZWFrc3BlZWQ6ICIxMHMiCmNhcGFjaXR5OiA1Cmdyb3VwYnk6IGV2dC5NZXRhLnNvdXJjZV9pcApibGFja2hvbGU6IDVtCmxhYmVsczoKIHNlcnZpY2U6IHNtYgogdHlwZTogYnJ1dGVmb3JjZQogcmVtZWRpYXRpb246IHRydWU=", ++++ "description": "Detect smb bruteforce", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "smb", ++++ "type": "bruteforce" ++++ } ++++ }, ++++ "crowdsecurity/ssh-bf": { ++++ "path": "scenarios/crowdsecurity/ssh-bf.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ 
"0.1": { ++++ "digest": "4441dcff07020f6690d998b7101e642359ba405c2abb83565bbbdcee36de280f", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "RGV0ZWN0IGZhaWxlZCBzc2ggYXV0aGVudGljYXRpb25zIDoKCiAtIGxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDUgb24gc2FtZSB0YXJnZXQgdXNlcgogLSBsZWFrc3BlZWQgb2YgMTBzLCBjYXBhY2l0eSBvZiA1IHVuaXF1ZSBkaXN0aW5jdCB1c2VycwogCg==", ++++ "content": "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", ++++ "description": "Detect ssh bruteforce", ++++ "author": "crowdsecurity", ++++ "references": [ ++++ "http://wikipedia.com/ssh-bf-is-bad" ++++ ], ++++ "labels": { ++++ "remediation": "true", ++++ "service": "ssh", ++++ "type": "bruteforce" ++++ } ++++ }, ++++ "crowdsecurity/telnet-bf": { ++++ "path": "scenarios/crowdsecurity/telnet-bf.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "fd1769c247b352916a0400c33668b315a6d7a0ab8e672f339b00d9de2df71229", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "IyMgRGV0ZWN0IFRlbG5ldCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=", ++++ "content": "dHlwZTogbGVha3kKbmFtZTogY3Jvd2RzZWN1cml0eS90ZWxuZXQtYmYKZGVzY3JpcHRpb246ICJkZXRlY3QgdGVsbmV0IGJydXRlZm9yY2UiCmZpbHRlcjogZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ3RlbG5ldF9uZXdfc2Vzc2lvbicKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmNhcGFjaXR5OiA1CmxlYWtzcGVlZDogIjEwcyIKYmxhY2tob2xlOiA1bQpsYWJlbHM6CiBzZXJ2aWNlOiB0ZWxuZXQKIHR5cGU6IGJydXRlZm9yY2UKIHJlbWVkaWF0aW9uOiB0cnVl", ++++ "description": "detect telnet bruteforce", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "telnet", ++++ "type": "bruteforce" ++++ } ++++ }, ++++ "crowdsecurity/vsftpd-bf": { ++++ "path": "scenarios/crowdsecurity/vsftpd-bf.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "3591247988014705cf3a7e42388f0c87f9b86d3141268d996c5820ceab6364e1", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": 
"IyMgRGV0ZWN0IEZUUCBicnV0ZWZvcmNlIGF0dGFjay4KCiMjIyBSdWxlCmxlYWtzcGVlZCBvZiAxMHMsIGNhcGFjaXR5IG9mIDU=", ++++ "content": "dHlwZTogbGVha3kKI2RlYnVnOiB0cnVlCm5hbWU6IGNyb3dkc2VjdXJpdHkvdnNmdHBkLWJmCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IEZUUCBicnV0ZWZvcmNlICh2c2Z0cGQpIgpmaWx0ZXI6IGV2dC5NZXRhLmxvZ190eXBlID09ICdmdHBfZmFpbGVkX2F1dGgnCmxlYWtzcGVlZDogIjEwcyIKY2FwYWNpdHk6IDUKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogZnRwCiB0eXBlOiBicnV0ZWZvcmNlCiByZW1lZGlhdGlvbjogdHJ1ZQ==", ++++ "description": "Detect FTP bruteforce (vsftpd)", ++++ "author": "crowdsecurity", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "ftp", ++++ "type": "bruteforce" ++++ } ++++ }, ++++ "ltsich/http-w00tw00t": { ++++ "path": "scenarios/ltsich/http-w00tw00t.yaml", ++++ "version": "0.1", ++++ "versions": { ++++ "0.1": { ++++ "digest": "f0cba1520658a1016e9d1952473fa9e78175deef2117d2b921e7d994a6e7a549", ++++ "deprecated": false ++++ } ++++ }, ++++ "long_description": "dHJpZ2dlciBzY2VuYXJpbyB0byBkZXRlY3QgdzAwdHcwMHQgcGF0dGVybiB1c2VkIGJ5IGh0dHAgdnVsbmVyYWJpbGl0eSBzY2FubmVyLCBzZWUgW3RoaXMgcmVzc291cmNlXShodHRwczovL2lzYy5zYW5zLmVkdS9mb3J1bXMvZGlhcnkvdzAwdHcwMHQvOTAwLykKCj4gQ29udHJpYnV0ZWQgYnkgaHR0cHM6Ly9naXRodWIuY29tL0x0U2ljaAo=", ++++ "content": "I2NvbnRyaWJ1dGVkIGJ5IGx0c2ljaAp0eXBlOiB0cmlnZ2VyCm5hbWU6IGx0c2ljaC9odHRwLXcwMHR3MDB0CmRlc2NyaXB0aW9uOiAiZGV0ZWN0IHcwMHR3MDB0IgpkZWJ1ZzogZmFsc2UKZmlsdGVyOiAiZXZ0Lk1ldGEubG9nX3R5cGUgPT0gJ2h0dHBfYWNjZXNzLWxvZycgJiYgZXZ0LlBhcnNlZC5maWxlX25hbWUgY29udGFpbnMgJ3cwMHR3MDB0LmF0LklTQy5TQU5TLkRGaW5kJyIKZ3JvdXBieTogZXZ0Lk1ldGEuc291cmNlX2lwCmJsYWNraG9sZTogNW0KbGFiZWxzOgogc2VydmljZTogaHR0cAogdHlwZTogc2NhbgogcmVtZWRpYXRpb246IHRydWUK", ++++ "description": "detect w00tw00t", ++++ "author": "ltsich", ++++ "labels": { ++++ "remediation": "true", ++++ "service": "http", ++++ "type": "scan" ++++ } ++++ } ++++ } ++++} diff --cc hub1/README.md index 0000000,0000000,0000000,0000000..06e4abe new file mode 100644 --- /dev/null 
+++ b/hub1/README.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@
++++
++++> CrowdSec Hub for parsers, enrichers and scenarios.
++++
++++# Foreword
++++
++++This repository stores most of the official parsers/scenarios/collections for crowdsec.
++++
++++The repository is not intended for use as-is, but rather as source of truth for the [CrowdSec Hub](https://hub.crowdsec.net/) and `cscli`.
++++
++++Feel free to use the parsers/scenarios here as a source of inspiration.
++++
++++
++++The results of the continuous integration tests can be seen at [CI tests results](https://crowdsecurity.github.io/hub/)
++++
diff --cc hub1/blockers.go
index 0000000,0000000,0000000,0000000..e895b52
new file mode 100644
--- /dev/null
+++ b/hub1/blockers.go
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,142 @@@@@
++++package main
++++
++++import (
++++ "context"
++++ "encoding/base64"
++++ "encoding/json"
++++ "fmt"
++++ "io/ioutil"
++++ "log"
++++
++++ "github.com/google/go-github/github"
++++)
++++
++++type ItemInfo struct {
++++ //Source info (crafted by humans)
++++ Name string `json:"name"`
++++ Owner string `json:"author"`
++++ Logo string `json:"logo"`
++++ //Main infos about repo
++++ URL string `json:"url"`
++++ Description string `json:"description"`
++++ Stargazers int `json:"stars"`
++++ DownloadCount int `json:"downloads"`
++++ ReadmeContent string `json:"readme_content"`
++++ //Infos about last downloadable version
++++ LastVersion string `json:"version"`
++++ DownloadURL string `json:"download_url"`
++++ AssetURL string `json:"asset_url"`
++++ Status string `json:"status"`
++++}
++++
++++//DumpJSON dumps the list to a json file
++++func DumpJSON(file string, items []ItemInfo) error {
++++ dump, err := json.MarshalIndent(items, "", " ")
++++ if err != nil {
++++ return fmt.Errorf("failed to unmarshal : %s", err)
++++ }
++++ err = ioutil.WriteFile(file, dump, 0755)
++++ if err != nil {
++++ return fmt.Errorf("failed to write dump : %s", err)
++++ }
++++ return nil
++++}
++++
++++//LoadJSON loads a list of blockers from json
++++func LoadJSON(file string) ([]ItemInfo, error) {
++++ var blockers []ItemInfo
++++ body, err := ioutil.ReadFile(file)
++++ if err != nil {
++++ return nil, fmt.Errorf("failed to open %s : %s", file, err)
++++ }
++++ if err = json.Unmarshal(body, &blockers); err != nil {
++++ return nil, fmt.Errorf("failed to decode json : %s", err)
++++ }
++++ return blockers, nil
++++}
++++
++++//UpdateItem refreshes the item information from github api
++++func UpdateItem(item ItemInfo) (ItemInfo, error) {
++++ /*Configure client with auth*/
++++ client := github.NewClient(nil)
++++ /*get main infos about repo*/
++++ log.Printf("updating %s/%s", item.Owner, item.Name)
++++ repinfo, _, err := client.Repositories.Get(context.Background(), item.Owner, item.Name)
++++ if err != nil {
++++ return item, fmt.Errorf("unable to get %s/%s : %s", item.Owner, item.Name, err)
++++ }
++++ item.Stargazers = repinfo.GetStargazersCount()
++++ log.Printf("Stargazers : %d", item.Stargazers)
++++ item.URL = repinfo.GetHTMLURL()
++++ log.Printf("URL : %s", item.URL)
++++ item.Description = repinfo.GetDescription()
++++ log.Printf("Description : %s", item.Description)
++++
++++ /*get the readme*/
++++ readme, _, err := client.Repositories.GetReadme(context.Background(), item.Owner, item.Name, nil)
++++ if err != nil {
++++ return item, fmt.Errorf("Failed to get the readme : %s", err)
++++ }
++++
++++ content, err := readme.GetContent()
++++ if err != nil {
++++ return item, fmt.Errorf("Failed to get the readme content : %s", err)
++++ }
++++ log.Printf("len(readme) : %d", len(content))
++++ item.ReadmeContent = base64.StdEncoding.EncodeToString([]byte(content))
++++
++++ // Fetch nb downloads of all (pre-)releases
++++ releases, _, err := client.Repositories.ListReleases(context.Background(), item.Owner, item.Name, nil)
++++ if err != nil {
++++ log.Fatalf("Failed to fetch releases : %+v", err.Error())
++++ }
++++ if len(releases) > 0 {
++++ /*get download count*/
++++ for _, release := range releases {
++++ for x, asset := range release.Assets {
++++ if x == 0 {
++++ item.AssetURL = asset.GetBrowserDownloadURL()
++++ log.Printf("AssetURL : %s", item.AssetURL)
++++ }
++++ item.DownloadCount += asset.GetDownloadCount()
++++ }
++++ }
++++ }
++++
++++ /*get infos about latest release*/
++++ release, _, _ := client.Repositories.GetLatestRelease(context.Background(), item.Owner, item.Name)
++++ if release != nil {
++++ item.LastVersion = *release.TagName
++++ log.Printf("LastVersion : %s", item.LastVersion)
++++ item.DownloadURL = release.GetHTMLURL()
++++ log.Printf("DownloadURL : %s", item.DownloadURL)
++++ log.Printf("len(assets) : %d", len(release.Assets))
++++ if len(release.Assets) > 0 {
++++ item.AssetURL = release.Assets[0].GetBrowserDownloadURL()
++++ } else {
++++ item.AssetURL = *release.ZipballURL
++++ }
++++ item.Status = "stable"
++++ } else {
++++ /*if has prerelease*/
++++ releases, _, err := client.Repositories.ListReleases(context.Background(), item.Owner, item.Name, nil)
++++ if err != nil {
++++ log.Fatalf("Failed to fetch releases : %+v", err.Error())
++++ }
++++ if len(releases) > 0 {
++++ item.DownloadURL = *releases[0].HTMLURL
++++ item.LastVersion = *releases[0].TagName
++++ item.Status = "unstable"
++++ log.Printf("Has only prereleases : %s", item.DownloadURL)
++++ log.Printf("LastVersion : %s", item.LastVersion)
++++ } else {
++++ item.LastVersion = "no release"
++++ item.DownloadURL = *repinfo.HTMLURL + "/tags"
++++ item.AssetURL = *repinfo.HTMLURL + "/tags"
++++ item.DownloadCount = 0
++++ item.Status = "development"
++++ log.Printf("Has no release : %s", item.DownloadURL)
++++ }
++++ }
++++ return item, nil
++++}
diff --cc hub1/blockers.json
index 0000000,0000000,0000000,0000000..b854365
new file mode 100644
--- /dev/null
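Review bot: In `UpdateItem`, the prerelease branch (`Has only prereleases`) never assigns `item.AssetURL`, so it keeps whatever the download-count loop wrote last, which is the first asset of the last listed release that has assets rather than of `releases[0]`. The `blockers.json` added by this same commit looks like the result: `cs-cloud-firewall-bouncer` is listed as `v0.2.0` while its `asset_url` points at `/releases/download/v0.0.2/`, so anyone following the index may fetch an older build than the version it advertises. I would drop the `if x == 0` assignment from the counting loop and set the asset in the prerelease branch from the same release as `LastVersion`, using the nil-safe getters instead of `*releases[0].TagName`. Separately, the error from `GetLatestRelease` is discarded, so a rate-limit or network failure on this unauthenticated client (`github.NewClient(nil)`) is indistinguishable from "no stable release" and silently relabels the item; that deserves an explicit check.

```go
		/*if has prerelease*/
		// … unchanged: ListReleases call and error check …
		if len(releases) > 0 {
			latest := releases[0]
			item.DownloadURL = latest.GetHTMLURL()
			item.LastVersion = latest.GetTagName()
			// Take the asset from the same release as LastVersion.
			if len(latest.Assets) > 0 {
				item.AssetURL = latest.Assets[0].GetBrowserDownloadURL()
			} else {
				item.AssetURL = latest.GetZipballURL()
			}
			item.Status = "unstable"
			// … unchanged: log lines and the "no release" branch …
```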
+++ b/hub1/blockers.json @@@@@ -1,0 -1,0 -1,0 -1,0 +1,100 @@@@@ ++++[ ++++ { ++++ "name": "cs-nginx-bouncer", ++++ "author": "crowdsecurity", ++++ "logo": "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", ++++ "url": "https://github.com/crowdsecurity/cs-nginx-bouncer", ++++ "description": "CrowdSec bouncer for Nginx", ++++ "stars": 5, ++++ "downloads": 224, ++++ "readme_content": "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", ++++ "version": "v0.0.4", ++++ "download_url": "https://github.com/crowdsecurity/cs-nginx-bouncer/releases/tag/v0.0.4", ++++ "asset_url": "https://github.com/crowdsecurity/cs-nginx-bouncer/releases/download/v0.0.4/cs-nginx-bouncer.tgz", ++++ "status": "stable" ++++ }, ++++ { ++++ "name": "cs-wordpress-bouncer", ++++ "author": "crowdsecurity", ++++ "logo": "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", ++++ "url": "https://github.com/crowdsecurity/cs-wordpress-bouncer", ++++ "description": "CrowdSec is an open-source cyber security tool. This plugin blocks detected attackers or display them a captcha to check they are not bots.", ++++ "stars": 8, ++++ "downloads": 16, ++++ "readme_content": "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", ++++ "version": "v0.6.0", ++++ "download_url": "https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/tag/v0.6.0", ++++ "asset_url": "https://github.com/crowdsecurity/cs-wordpress-bouncer/releases/download/v0.6.0/crowdsec.zip", ++++ "status": "stable" ++++ }, ++++ { ++++ "name": "cs-firewall-bouncer", ++++ "author": "crowdsecurity", ++++ "logo": "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", ++++ "url": "https://github.com/crowdsecurity/cs-firewall-bouncer", ++++ "description": "Crowdsec bouncer written in golang for firewalls", ++++ "stars": 7, ++++ "downloads": 1144, ++++ "readme_content": 
"PHAgYWxpZ249ImNlbnRlciI+CjxpbWcgc3JjPSJodHRwczovL2dpdGh1Yi5jb20vY3Jvd2RzZWN1cml0eS9jcy1maXJld2FsbC1ib3VuY2VyL3Jhdy9tYWluL2RvY3MvYXNzZXRzL2Nyb3dkc2VjX2xpbnV4X2xvZ28ucG5nIiBhbHQ9IkNyb3dkU2VjIiB0aXRsZT0iQ3Jvd2RTZWMiIHdpZHRoPSIzMDAiIGhlaWdodD0iMjgwIiAvPgo8L3A+CjxwIGFsaWduPSJjZW50ZXIiPgo8aW1nIHNyYz0iaHR0cHM6Ly9pbWcuc2hpZWxkcy5pby9iYWRnZS9idWlsZC1wYXNzLWdyZWVuIj4KPGltZyBzcmM9Imh0dHBzOi8vaW1nLnNoaWVsZHMuaW8vYmFkZ2UvdGVzdHMtcGFzcy1ncmVlbiI+CjwvcD4KPHAgYWxpZ249ImNlbnRlciI+CiYjeDFGNERBOyA8YSBocmVmPSIjaW5zdGFsbGF0aW9uIj5Eb2N1bWVudGF0aW9uPC9hPgomI3gxRjRBMDsgPGEgaHJlZj0iaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0Ij5IdWI8L2E+CiYjMTI4MTcyOyA8YSBocmVmPSJodHRwczovL2Rpc2NvdXJzZS5jcm93ZHNlYy5uZXQiPkRpc2NvdXJzZSA8L2E+CjwvcD4KCgojIGNzLWZpcmV3YWxsLWJvdW5jZXIKQ3Jvd2RzZWMgYm91bmNlciB3cml0dGVuIGluIGdvbGFuZyBmb3IgZmlyZXdhbGxzLgoKY3MtZmlyZXdhbGwtYm91bmNlciB3aWxsIGZldGNoIG5ldyBhbmQgb2xkIGRlY2lzaW9ucyBmcm9tIGEgQ3Jvd2RTZWMgQVBJIHRvIGFkZCB0aGVtIGluIGEgYmxvY2tsaXN0IHVzZWQgYnkgc3VwcG9ydGVkIGZpcmV3YWxscy4KClN1cHBvcnRlZCBmaXJld2FsbHM6CiAtIGlwdGFibGVzIChJUHY0IDpoZWF2eV9jaGVja19tYXJrOiAvIElQdjYgOmhlYXZ5X2NoZWNrX21hcms6ICkKIC0gbmZ0YWJsZXMgKElQdjQgOmhlYXZ5X2NoZWNrX21hcms6IC8gSVB2NiA6aGVhdnlfY2hlY2tfbWFyazogKQogLSBpcHNldCBvbmx5IChJUHY0IDpoZWF2eV9jaGVja19tYXJrOiAvIElQdjYgOmhlYXZ5X2NoZWNrX21hcms6ICkKCiMjIEluc3RhbGxhdGlvbgoKIyMjIEFzc2lzdGVkCgpGaXJzdCwgZG93bmxvYWQgdGhlIGxhdGVzdCBbYGNzLWZpcmV3YWxsLWJvdW5jZXJgIHJlbGVhc2VdKGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpLgoKYGBgc2gKJCB0YXIgeHp2ZiBjcy1maXJld2FsbC1ib3VuY2VyLnRnegokIHN1ZG8gLi9pbnN0YWxsLnNoCmBgYAoKIyMjIEZyb20gc291cmNlCgpSdW4gdGhlIGZvbGxvd2luZyBjb21tYW5kczoKCmBgYGJhc2gKZ2l0IGNsb25lIGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIuZ2l0CmNkIGNzLWZpcmV3YWxsLWJvdW5jZXIvCm1ha2UgcmVsZWFzZQp0YXIgeHp2ZiBjcy1maXJld2FsbC1ib3VuY2VyLnRnegpjZCBjcy1maXJld2FsbC1ib3VuY2VyLXYqLwpzdWRvIC4vaW5zdGFsbC5zaApgYGAKCiMjIFVwZ3JhZGUKCklmIHlvdSBhbHJlYWR5IGhhdmUgYGNzLWZpcmV3YWxsLWJvdW5jZXJgIGluc3RhbGxlZCwgcGxlYXNlIGRvd25sb2FkIHRoZSB
bbGF0ZXN0IHJlbGVhc2VdKGh0dHBzOi8vZ2l0aHViLmNvbS9jcm93ZHNlY3VyaXR5L2NzLWZpcmV3YWxsLWJvdW5jZXIvcmVsZWFzZXMpIGFuZCBydW4gdGhlIGZvbGxvd2luZyBjb21tYW5kczoKCmBgYGJhc2gKdGFyIHh6dmYgY3MtZmlyZXdhbGwtYm91bmNlci50Z3oKY2QgY3MtZmlyZXdhbGwtYm91bmNlci12Ki8Kc3VkbyAuL3VwZ3JhZGUuc2gKYGBgCgoKIyMgQ29uZmlndXJhdGlvbgoKVG8gYmUgZnVuY3Rpb25hbCwgdGhlIGBjcy1maXJld2FsbC1ib3VuY2VyYCBzZXJ2aWNlIG11c3QgYmUgYWJsZSB0byBhdXRoZW50aWNhdGUgd2l0aCB0aGUgbG9jYWwgQVBJLgpUaGUgYGluc3RhbGwuc2hgIHNjcmlwdCB3aWxsIHRha2UgY2FyZSBvZiBpdCAoaXQgd2lsbCBjYWxsIGBjc2NsaSBib3VuY2VycyBhZGRgIG9uIHlvdXIgYmVoYWxmKS4KSWYgaXQgd2FzIG5vdCB0aGUgY2FzZSwgdGhlIGRlZmF1bHQgY29uZmlndXJhdGlvbiBmaWxlIGlzIGxvY2F0ZWQgdW5kZXIgOiBgL2V0Yy9jcm93ZHNlYy9jcy1maXJld2FsbC1ib3VuY2VyL2AKCmBgYHNoCiQgdmltIC9ldGMvY3Jvd2RzZWMvY3MtZmlyZXdhbGwtYm91bmNlci9jcy1maXJld2FsbC1ib3VuY2VyLnlhbWwKYGBgCgpgYGB5YW1sCm1vZGU6IGlwdGFibGVzCnBpZGRpcjogL3Zhci9ydW4vCnVwZGF0ZV9mcmVxdWVuY3k6IDEwcwpkYWVtb25pemU6IHRydWUKbG9nX21vZGU6IGZpbGUKbG9nX2RpcjogL3Zhci9sb2cvCmxvZ19sZXZlbDogaW5mbwphcGlfdXJsOiA8QVBJX1VSTD4gICMgd2hlbiBpbnN0YWxsLCBkZWZhdWx0IGlzICJsb2NhbGhvc3Q6ODA4MCIKYXBpX2tleTogPEFQSV9LRVk+ICAjIEFkZCB5b3VyIEFQSSBrZXkgZ2VuZXJhdGVkIHdpdGggYGNzY2xpIGJvdW5jZXJzIGFkZCAtLW5hbWUgPGJvdW5jZXJfbmFtZT5gCiNpZiBwcmVzZW50LCBpbnNlcnQgcnVsZSBpbiB0aG9zZSBjaGFpbnMKaXB0YWJsZXNfY2hhaW5zOgogIC0gSU5QVVQKICAtIEZPUldBUkQKYGBgCgogLSBgbW9kZWAgY2FuIGJlIHNldCB0byBgaXB0YWJsZXNgLCBgbmZ0YWJsZXNgIG9yIGBpcHNldGAKIC0gYHVwZGF0ZV9mcmVxdWVuY3lgIGNvbnRyb2xzIGhvdyBvZnRlbiB0aGUgYm91bmNlciBpcyBnb2luZyB0byBxdWVyeSB0aGUgbG9jYWwgQVBJCiAtIGBhcGlfdXJsYCBhbmQgYGFwaV9rZXlgIGNvbnRyb2wgbG9jYWwgQVBJIHBhcmFtZXRlcnMuCiAtIGBpcHRhYmxlc19jaGFpbnNgIGFsbG93cyAoaW4gX2lwdGFibGVzXyBtb2RlKSB0byBjb250cm9sIGluIHdoaWNoIGNoYWluIHJ1bGVzIGFyZSBnb2luZyB0byBiZSBpbnNlcnRlZC4gKGlmIGVtcHR5LCBib3VuY2VyIHdpbGwgb25seSBtYWludGFpbiBpcHNldCBsaXN0cykKCllvdSBjYW4gdGhlbiBzdGFydCB0aGUgc2VydmljZToKCmBgYHNoCnN1ZG8gc3lzdGVtY3RsIHN0YXJ0IGNzLWZpcmV3YWxsLWJvdW5jZXIKYGBgCgojIyMgbW9kZXMKCiAtIG1vZGUgYG5mdGFibGVzYCByZWxpZXMgb24gZ2l0aHViLmNvbS9nb29nbGUvbmZ0YWJsZXMgdG8gY3J
lYXRlIHRhYmxlLCBjaGFpbiBhbmQgc2V0LgogLSBtb2RlIGBpcHRhYmxlc2AgcmVsaWVzIG9uIGBpcHRhYmxlc2AgYW5kIGBpcHNldGAgY29tbWFuZHMgdG8gaW5zZXJ0IGBtYXRjaC1zZXRgIGRpcmVjdGl2ZXMgYW5kIG1haW50YWluIGFzc29jaWF0ZWQgaXBzZXRzCiAtIG1vZGUgYGlwc2V0YCByZWxpZXMgb24gYGlwc2V0YCBhbmQgb25seSBtYW5hZ2UgY29udGVudHMgb2YgdGhlIHNldHMgKHRoZXkgbmVlZCB0byBleGlzdCBhdCBzdGFydHVwIGFuZCB3aWxsIGJlIGZsdXNoZWQgcmF0aGVyIHRoYW4gY3JlYXRlZCkKCgoKCgoK", ++++ "version": "v0.0.10", ++++ "download_url": "https://github.com/crowdsecurity/cs-firewall-bouncer/releases/tag/v0.0.10", ++++ "asset_url": "https://github.com/crowdsecurity/cs-firewall-bouncer/releases/download/v0.0.10/cs-firewall-bouncer.tgz", ++++ "status": "stable" ++++ }, ++++ { ++++ "name": "cs-custom-bouncer", ++++ "author": "crowdsecurity", ++++ "logo": "iVBORw0KGgoAAAANSUhEUgAAAuwAAAHACAYAAAD5pj0sAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAATiAAAE4gBo4oJKAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d1/mJ11eSf++3NmMhMBIfzQVUgiorW1KK6dJjPnTMKOiOtaa11b44/dat1aabWK2l7dar/ttvvDrXa3rVh0FbHbgq7VdK3aKlURZk3mnDPhmvo1iKj1ByURqhQNSAgzmXk++wdhVQSSzJznPM/Meb2ui7+8rvt+/yEzb54593kiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO6Tqg4AlK/ZbJ5WFMWjhoeHTy+K4vSIOD2lNJRzPiWl1Kg6H1CtoijuaDQaRc75O41G458WFxdvHxkZuW3Xrl23Vp0NUNhhzZiamho+dOjQE1JKT04pPSUifjwiHhsRZ0fEyZWGA1areyLiHyLipoj4Ys75841G43Pz8/M3zM3N3V1tNBgcCjusYtu2bTunKIoLc84XRsSFEXFq1ZmAgbCYUvpcURRXR8TV69ev3z09PX1P1aFgrVLYYRXZtm3b5sXFxeemlJ4WEf8iIk6rOhNARByKiE5K6dqc88c6nc5nqw4Ea4nCDjXXbDYfFhE/HREvjYhnRcRQtYkAjurGlNIHFxcX/3zPnj1frzoMrHYKO9RTY2Ji4oKU0ksj4nkRcVLVgQCWoYh7n7xfkVJ6/8zMzHerDgSrkcIONXLeeeedeMIJJ1yUUvr1iDir6jwAPXRXSumylNIfzszM3FJ1GFhNFHaogcnJyYcXRfGLEfGGiHhU1XkASrQQER8oiuI/z87O/n3VYWA1UNihQmNjY2eMjo6+Ouf82ojYUHUegD4qIuJ/55x/t9vt3lh1GKgzhR0qMDY2tm5kZOTXI+K3I+LEqvMAVKjIOb+nKIo37tmz5/aqw0Ad+bYJ6LNWq3X+0NDQX0fEiyNipOo8ABVLKaWxRqPxik2bNt2zf//+6yIiVx0K6sQTduiT7du3P3pxcfG/
R8S/qToLQI11Ukqvarfb/3/VQaAuFHYoX2o2m6+KiDdFxClVhwFYBRYj4u0LCwu/NTc3d3fVYaBqCjuUaGxs7JSRkZHLI+L5VWcBWIW+GBEv6HQ611cdBKrkM+xQklartWVoaOjqiJisOgvAKnVGRLxs8+bN39q3b9/fVR0GquIJO/ReajabF0fEH4SjUoBeufLgwYOv3Lt378Gqg0C/KezQQ9u2bTt1aWnpioj46aqzAKxBX4iIn+t0Ol+sOgj0k8IOPbJ9+/ZHHz58+KqU0lOqzgKwhn0n5/ycbrc7U3UQ6BeFHXpg27Zt5ywtLX0yIh5XdRaAAXB3SukF7Xb7Y1UHgX5wdAorNDk5+ZNFUVwTEZuqzgIwINZFxAs3btx4y/79+x2jsuYp7LACrVbrgpzzxyPitKqzAAyYRkrpOZs3b0779u2brjoMlElhh2WamJh4TkR8NCJOqDoLwIBKETG1adOmof37919bdRgoi8IOyzA5OTkR95b1h1WdBYD4F5s2bbpj//793aqDQBkcncJxarVaT8o5fyYiTq06yzFYjIgvp5Suj4ivFEVxU0R8I6V0e0rp9pzzPUNDQ177DQPs8OHDI+vWrTuxKIqTi6I4o9FoPDrn/NiU0mNzzk+KiHNjdTycKHLO/6bb7X6g6iDQawo7HIdWq/WYnPNMRJxVdZYHcTgi9kTENY1G49p169Z1pqen76k6FLB67dixY+jmm2/+541G42k556ellM6PiJOqzvUgFnLOz+52u1dXHQR6SWGHYzQ2NnbGyMjI7oj40aqz3M89EfHRnPP77r777k97CyBQpqmpqeFDhw5NpJRenFJ6YUScXnWm+/luURRPm52dnas6CPSKwg7H4Nxzzx05+eSTpyOiWXWW+6SUdkfEFSMjIzunp6cPVJ0HGDxHfjb+VES8NO59w/O6iiPd51uLi4s/ed111+2rOgj0gsIOx6DZbP5RRLy+6hwRkSPiY41G400zMzOOq4Da2LZt2+bFxcVfTym9Imrwmfecc/fw4cPnz83NHa46C6yUwg5HMTEx8TMppQ9Htf++LEXEByPi9zudzvUV5gB4SFu2bHnU8PDwr0XEK6P6z7q/udPpvLHiDLBiCjs8hC1btmwaHh7+bFT7Gc2/yzm/qtvtzlaYAeC4bN++/dGLi4tviYiXVBgj55yf2+12/7rCDLBiCjs8iKmpqeH5+fnpiJisKMKBiPi9jRs3Xrpz586lijIArMjk5OTTiqJ4e0Q8saIIt0XEUzudzjcq2g8r1qg6ANTVwsLCm6K6sv7h4eHhJ3Q6nUuUdWA1m5mZuXbDhg1PjYg3R0RRQYRHRMT7duzY4WWRrFqesMMDGB8fH2s0GrPR/7cBL6aUfrvdbv9B3HtgCrBmtFqtC3LO74uIR/V7d0rpV9vt9jv6vRd6wRN2+GGNlNKl0f+yfnNK6fx2u/2WUNaBNajdbl+TUnpKSulT/d6dc/797du3P7rfe6EXFHa4n2az+YqU0kSf185ExFPb7Xanz3sB+qrdbn/rrLPOelZEvKvPq09eXFz8/T7vhJ7wkRj4Plu3bj19eHj4iznnM/q49m8WFhZeODc3d3cfdwJUrtVq/WbO+c19XJlzzhd0u93pPu6EFfOEHb5Po9H4b30u61cuLCz8rLIODKJ2u/2WlNKvRv+OUVNK6dKxsbG6vJEVjomLaTii1Wo1I+JPok9/eUop/Y9Op/OKW2+91bfAAANr3759123evPnrEfGvoz8/fx85NDT07f3793tbNKuGJ+xwRM75P0X/Pib24bPOOus14bgUINrt9pUR8Zo+rnzj2NjYCX3cByviCTtERKvV2hIRfTlGyjlfe+qppz7vIx/5yOF+7ANYDfbv33/d5s2bT4j+vP/ixEaj8c39+/fv6cMuWDFP2CEics6/1adVnx0aGnruVVddNd+nfQCrRrvdfkNEXNmPXY1G4zfOPffckX7sgpVS2Bl4ExMTT4yIn+nDqgNDQ0PP
n5mZ+W4fdgGsRnl0dPSiiPhs6Yty3nTyySe/pOw90AsKOwMvpfTb0Z9/F161e/fur/VhD8CqNT09fU9RFC+MiH483Hjj1NTUcB/2wIoo7Ay0Vqv1uIh4YR9Wvb3T6by/D3sAVr3Z2dm/Tym9qg+rHjc/P/+CPuyBFVHYGWg551+O8o+vP79hw4ZfL3kHwJrSbrffG/35PHs//sMAVkRhZ5A1IuLFJe/IOefXODIFOH5LS0uvj4jbS17TOvLXVqgthZ2BNT4+/vSI2Fjymiu8Ahtgefbs2XN7zvl3Sl6Tcs7/tuQdsCIKOwOr0WiU/e0Adw4PD7+x5B0Aa1q3231XRMyWvOYl0b8X58FxU9gZSOedd96JEfG8ktf8h127dt1a8g6Ata5oNBqvK3nH41ut1kTJO2DZFHYG0kknnfSzEXFSiSu+GRGXlTgfYGDMzMx0I+KTZe4oiuLny5wPK6GwM5ByzqUem6aU/rjT6RwqcwfAIEkpvank+S/csWNH2d8aBsuisDNwjryK+vwSV9wxPz//zhLnAwycdrv9mYjYVeKK02+55Zanljgflk1hZ+CcdNJJWyPixLLmp5QunZubu6Os+QCDqtFovLnM+UtLSxeUOR+WS2Fn4DQajTJ/IOdGo/GnJc4HGFgzMzN/m1LaV9b8lNJUWbNhJRR2BtHTSpy9a/fu3V8rcT7AICuKovhfJc7fPjY2tq7E+bAsCjsDZWpqan1ElPbVXTnnfrxGG2Bg5ZyvKHH8SSMjI1tKnA/LorAzUA4fPtyMiPUljb9n/fr1f1nSbAAiYnZ29gsR8dmy5qeUfI6d2lHYGShFUWwvcfzV09PTB0qcD0BE5JxLeziSc95W1mxYLoWdQfOUsgbnnK8pazYA39NoNK4tcXxpvydguRR2Bs15ZQ0u+RcIAEeMjIxcFxF3ljT+Udu3b39ESbNhWRR2BsZ55513YkScU9L429vt9t6SZgPwfaanpxejxJcoLS0tPbms2bAcCjsD48QTTzwnyvv//GcioihpNgD3k1Iq86+ajy9xNhw3hZ2BkXM+u8Tx15U4G4D7KYpirqzZJf++gOOmsDMwGo3GY0scf32JswG4n5RSmR9DPLvE2XDcFHYGRs55Y1mzU0o3ljUbgB/W6XS+HRHfKmn8Y0qaC8uisDNIHlnS3KX5+fmbS5oNwIO7qaS5viWGWlHYGSSnlTT31rm5ucMlzQbgQaSUvl7S6NNLmgvLorAzSM4oY2hK6ZtlzAXgoeWcbytp9KlTU1PDJc2G46awM0geXsbQnPPtZcwF4KGllMr6+ZsOHTp0Qkmz4bgp7AySdSXNLettewA8hKIo7ihr9sjIyGhZs+F4KewMklJ++KaU5suYC8BDazQapf38XVxcHClrNhwvhZ1BUsoP35zzYhlzAXhoOefSCvvQ0JAn7NSGws4gSWUMzTkXZcwF4KhyWYOXlpZ0JGrD/xkBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhB37A5OTkxNatW59QdQ4A4F4KO/ADlpaWnj40NPSlZrO5u9ls7piamhquOhMADDKFHXgwkxHxwfn5+X+YmJh48/j4+MaqAwHAIFLYgaM5M6X0m41G46vNZvODExMTF1YdCAAGiT91A8dqJCJ2pJR2NJvNGyPiXQcPHrx87969B6sOBgBrmSfswHI8MSLeeuKJJ97SbDbfNTk5eW7V
gQBgrVLYgZU4OSIuKori845UAaAcCjvQKz9wpNpsNs+qOhAArAUKO9BrZ6aUfjMivuZIFQBWzp+ugbI4UgWAHvCEHegHR6oAsEwKO9BPjlQB4Dgp7EBVHKkCwDFQ2IGqOVIFgIfgT9FAXThSBYAH4Ak7UEeOVAHgCIUdqDNHqgAMPIUdWC0cqQIwkBR2YLVxpArAQPGnZWC1cqQKwEDwhB1YCxypArBmKezAWnLfker1zWbzU45UAVgLFHZgLUoRcWEcOVJttVq/12q1Hll1KABYDoUd+AHr1q3705zzf4mIf6w6S4+cmXP+3Zzzza1W672tVqtZdSAAOB4KO/ADdu3adWu32/2dO++88zER8YKIuDoicsWxemE05/xvc87tZrP5d61W66LzzjvvxKpDAcDRKOzAA7rhhhsWOp3Ozk6n84yI+PGc89si4q6qc/XIU3PO73KkCsBqoLADR9XpdL7Y7XZfWxTFWSmlX46Iz1edqUccqQJQewo7cMxmZ2fvbLfbl3U6nScXRbE9InZGxGLVuXrAkSoAtaWwA8syOzu7u9PpvGB4eHhzSukNEbG/6kw9ct+R6j5vUgWgDhR2YEV27dp1a7vdfsudd975uPjekepacN+bVD/lSBWAKinsQE/c70j1iWv5SHV8fPzHqw4EwOBQ2IGeW+tHqo1G4/OOVAHoF4UdKI0jVQBYOYUd6AtHqgCwPAo70FeOVAHg+CjsQCUG5Ej1G45UAVgphR2o3Bo+Uj0lHKkCsEIKO1Abg3Skun379kdUHQqA1UFhB2pprR+pLi4u7nekCsCxUNiBWhuQI9U5R6oAPBiFHVgV1viR6k84UgXgwSjswKrjSBWAQaKwA6uWI1UABoHCDqwJjlQBWKsUdmBNcaQKwFqjsANrkiNVANYKhR1Y8x7gSPWGqjP1iCNVgAGgsAMD4/uOVJ/kSBWA1UJhBwbSfUeqjUbjMY5UAagzhR0YaDMzM7c4UgWgzhR2gHjQI9WDVefqEUeqAKuYwg5wP/cdqY6Ojm6MiNenlL5cdaYeue9I9fpms3nV5OTk06oOBMDR+TYBgAcxPT19ICLeGhFvHR8f39ZoNC6OiOfF6v/Z2YiIf1UUxVJEXFt1GAAemifsAMdgDR+pAlBzCjvAcVjDR6oA1NRq/7MuQCVuuOGGhbj3e9x3TkxMPDEifiWl9PKI8E0sAPSUJ+wAK9Ttdm888ibVM1fTm1RzzqnqDAAcnSfsAD0yOzt7Z0RcFhGXrbEjVQAq5Ak7QAke4Ej1G1VnAmB1UtgBSvR9R6rnhCNVAJbBn2kB+sCRKgDL5Qk7QJ/dd6QaEc2IuKmqHCklR6cAq4An7AB95iAVgOPhFwVAH0xOTj485/zinPNrIuJJVecBYPVQ2AFKNDk5+aNLS0v/riiKX46IDVXnAWD1UdgBemzHjh1D+/bt+6mU0sVFUTzdZ8UBWAmFHaBHtmzZ8qh169b9wv79+1+VUtpcdZ5j4D8kAFYBhR1ghcbHx8cajcZrI+JFOed1VecBYG1R2AGWYWpqav38/PwLcs6/llJ6StV5AFi7FHaA4zA+Pv4jKaWXz8/PvyIiTvPxdADKprADHF1jYmLigpTSayPi2eGz3wD0kcIO8CBardYji6L4pUaj8Ss5501V5+mhu3PO70sp/UnVQQA4OoUd4H6OHJFelHN+SUrpYTnnqiP1yldSSpcvLi5evmfPnturDgPAsVHYASLiWc961uiBAwd+JiJeHxHNqvP0UBER10TEZRs3bvzQzp07l6oOBMDxUdiBgdZqtR5XFMUrDhw48EsRcXrVeXroQM75iqIo3rpnz56vVx0GgOVT2IFBdN8R6UU5559NKQ1VHahXUkpzEXHZ/Pz8e+fm5u6uOg8AK6ewAwNjbGzslJGRkZdFxMURcU7FcXppPiI+mnO+pNPpzFQdBoDeUtiBNe++I9KI+PmIOKHqPD30jZTS5fPz85fOzc39U9VhACiHwg6sSd93RHpRRFxY
dZ4e+n9HpKOjo381PT29WHUgAMqlsANryuTk5Jk554sOHDjwqoh4RNV5euiOiPhAURSXzM7OfqHqMAD0j8IOrAVpYmLi6Smli4qieF6srZ9tn00pvfOuu+563969ew9WHQaA/ltLv9SAATM+Pn7y0NDQi3LOr42IH686Tw8tRMRHcs6Xdbvdq6sOA0C1FHZg1Wk2mz+Wc35lSunlOecTq87TQ7fmnK/IOV86Ozu7v+owANSDwg6sCueee+7IySef/Nw4ckSaUqo6Ui/NRMQljkgBeCAKO1Br27dvf/TS0tJLc86vjoiNVefpoe9GxPtTSn/Sbrc/X3UYAOpLYQdqaXx8fFuj0bh4cXHxX0fEuqrz9NCXIuJ/jI6Ovmd6evquqsMAUH8KO1Abk5OTD885v/jI0/QnV52nh5Yi4qqc8yXdbvfTEZGrDgTA6qGwA5XbunXrExqNxi8WRXFRRJxadZ4e+sec858PDw+/Y/fu3TdXHQaA1UlhB6rSmJiYeHZK6eKIeHpErJkr0pTSXM75bQsLC++fm5s7XHUeAFY3hR3oq/Hx8X82NDT0spzzqyJic9V5euieiNg5NDT0h7t37/5c1WEAWDsUdqAvxsfHxxqNxmsj4kU557V0RPr3KaX35Jzf3el0vl11GADWHoUdKM3U1NT6+fn5F+Scfy2l9JSq8/RQERHX5Jzf1u12/yYckQJQIoUd6Lnx8fEfSSm9fH5+/hURcdoaesnRt3LO/zMi3tntdm+qOgwAg0FhB3qlMTExcUFK6bUR8exYY0ekEXFZzvnKbrd7qOo8AAwWhR1YkVar9ciI+Hc551+JiLMrjtNL8xHx0ZTSH7fb7U7VYQAYXAo7sCxHjkgvyjm/JCIeVnWeHvpqSundi4uLl+/Zs+f2qsMAgMIOHLNnPetZowcOHPiZiHhdRLSqztNDRURcExGXbdy48UM7d+5cqjoQANxHYQeOqtVqPa4oilfccccdL4+IM6rO00N3HHkT6SW7d+/+WtVhAOCBKOzAg7nviPSinPPPppSGcl4b31543xHp/Pz8e+fm5u6uOg8APBSFHfgBzWbztIh4eUT8SkScU3GcXronIj4YEW9vt9t7qg4DAMdKYQd+QM75lSml/1J1jh66JaX07qGhobfv2rXrtqrDAMDxUtiBtShHxKcj4rLR0dG/mp6eXqw6EAAsl8IOrCV3RsRfNBqNt83MzNxQdRgA6AWFHVgLvhgR7zx48ODle/fuPVh1GADoJYUdWK0WIuIjOefLut3u1VWHAYCyKOzAanNrzvmKnPOls7Oz+6sOAwBlU9iB1WImIi5ZWFj48Nzc3OGqwwBAvyjsQJ19NyLeHxGXdjqd66sOAwBVUNiB2kkpfTki/rTRaFy2e/fu71SdBwCqpLADdVFExMdzzpd0Op1Px73fpQ4AA09hB6r2zZzznw0PD79j9+7dN1cdBgDqRmEHKpFSmouIy0ZGRq6Ynp6+p+o8AFBXCjvQT/dExM6hoaE/3L179+eqDgMAq4HCDvTDV1JKl+ec393pdL5ddRgAWE0UdqAsRURck3N+W7fb/ZtwRAoAy6KwA712IOd8RUT8cbfbvanqMACw2insQE/cd0Sac76y2+0eqjoPAKwVCjuwEvMR8dGIeGu73W5XHQYA1iKFHViOr6WULpufn3/P3NzcP1UdBgDWMoUdOFZFRFwTEZdt3LjxQzt37lyqOhAADAKFHTiaOyLiAznnt3a73RurDgMAg0ZhBx7M36WU3jU/P//eubm5u6sOAwCDSmEHfsDQ0FA7IpozMzPdqrMAAAo7cD8zMzPXVp0BAPieRtUBAACAB6ewAwBAjSnsAABQYwo7AADUmMIOAAA1prADAECNKewAAFBjCjsAANSYwg4AADWmsAMAQI0p7AAAUGMKOwAA1JjCDgAANaawAwBAjSnsAABQYwo7AADUmMIOAAA1prADAECNKewAAFBjw1UHAKA627ZtO7UoiidXnYP+KYritm63
e2PVOYBjp7ADDLClpaWtEfG3Veegf1JKH4qIn6s6B3DsfCQGAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpsuOoAAFSn0+l8ampq6mFV56B/vvvd7y5VnQE4Pgo7wGArpqen76k6BAAPzkdiAACgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhBwCAGlPYAQCgxhR2AACoMYUdAABqTGEHAIAaU9gBAKDGFHYAAKgxhR0AAGpMYQcAgBpT2AEAoMYUdgAAqDGFHQAAakxhZ2CklBZLmjtUxlwAjmpdWYNTSofLmg3HS2FnYOScF0qaO1LGXAAeWpk/fw8fPjxf1mw4Xgo7g6SUH76NRuOEMuYCcFQPK2vw8PBwKQ95YDkUdgbJPSXNPa2kuQA8hEajcXqJ4w+VOBuOi8LOIPlOGUNzzmeUMReAh5ZzLquwH+p0Ogo7taGwMzBSSv9U0uizSpoLwEPbVMbQEn9fwLIo7AyMoihuL2n0w7du3Vrmn2UBeGCPLWNozrms3xewLAo7AyOl9I9lzR4aGnpcWbMB+GFTU1PDEbG5pPGl/b6A5VDYGST/UOLsJ5c4G4D7OXTo0BMiYrSM2Smlr5cxF5ZLYWdgNBqN0n4A55zPK2s2AD8spVTag5KiKG4qazYsh8LOwFhcXCytsKeUxsuaDcAPSyltL3G2J+zUisLOwJidnf1GRBwoafxPjI2NeYESQP9cUNbgnPPny5oNy6GwM0hySqmsH8Lr1q1b1yppNgDfZ8uWLY+KiB8rafz84cOHv1LSbFgWhZ2BUhTF3rJmp5SeWdZsAL5neHj4gohIJY2/cW5u7nBJs2FZFHYGzWdLnP2cEmcD8D1lPiCZK3E2LIvCzkDJObdLHP+jrVZrS4nzAQZes9l8WEQ8t6z5Oedry5oNy6WwM1BmZ2dvjIhvl7jiJSXOBiDieRFxSlnDU0rTZc2G5VLYGTQ5Ijolzn/x2NjYuhLnAwy6ny9x9pc6nc43SpwPy6KwM3BSSp8sa3bO+YzR0dGfKms+wCA78u0wzyhxhY/DUEsKOwMnpfSJMufnnF9X5nyAQTU8PHxxRAyXuOKaEmfDsinsDJyZmZkvRcRXS1wxNT4+vq3E+QADZ2xs7JSIeGWJK3JRFJ8pcT4sm8LOoPqrMoc3Go03lDkfYNCMjo6+JiI2lLiiPTs7+80S58OyKewMpEaj8Wclr3j2xMTET5S8A2AgnHfeeSfmnC8uec2VJc+HZVPYGUgzMzM35Jw/V+aOlNJ/LXM+wKA46aSTfiMiHlHiivmI2FnifFgRhZ2BlVJ6b8krntlqtX6u5B0Aa1qr1Xpczvk3S17zsU6nU+Y7OmBFFHYG1vDw8PsiYqnMHTnnt05NTZ1U5g6AtSznfElErC95jY/DUGsKOwNr165dt0bEp0tes3FhYeF3St4BsCY1m83nRcSzS17z7Q0bNlxV8g5YEYWdQfdnZS/IOb++2Wy2yt4DsJa0Wq1HRsSlfVj1v6666qr5PuyBZVPYGWgbN278YER8rINEGgAACCJJREFUpeQ161JKf7F169bTS94DsFY0cs5XRMSZJe9ZiohLSt4BK6awM9B27ty5lHP+w7L35Jw3DQ0N/XlEpLJ3Aax2ExMTb4iIZ/Zh1fs6nU7ZD21gxRR2Bt6pp576PyPilj6senar1fq1
PuwBWLVardb5KaX/2IdVRc75zX3YAys2VHUAqNpXvvKVpc2bN6eI+Jd9WPf0zZs3f2Hfvn1f6MMugFWl2Ww+PiL+NiIe3od1/7vb7b6jD3tgxTxhh4i466673hkRt/Vh1VDO+X0TExMX9mEXwKoxOTl5ZkR8KiIe2Y99RVF4us6qobBDROzdu/dgSultfVo3klL6y/Hx8fP6tA+g1rZt23ZqURSfiIiz+7TyY7Ozs3N92gUrprDDEfPz838UEf/Qp3WnNBqNTzSbzSf3aR9ALTWbzdMWFxc/HhFP6tPKhZzzb/RpF/SEwg5HzM3N3R0Rr+vjykdFxGdardb5fdwJUBtHPgZzbUppoo9r/6jb7d7Yx32wYgo7fJ9Op/PhiPibPq7ckHP+ZKvVen4fdwJUbmJi4olFUXQiom8fD0wp7RsdHX1Tv/ZBryjscD9DQ0OvjYhDfVw5mnP+i2az+drwPe3AABgfH39GSml3RGzu596iKF43PT19Vz93Qi/4Wke4n5tvvvk7GzduHE4pTfVxbSMi/tWmTZv++dlnn/2Jm2+++Z4+7gboix07dgxt2LDhd1NK746IE/q8/pPdbvf/6/NO6AlP2OEBrF+//i0ppS9XsPq5S0tLc61Wa0sFuwFKMzk5eeb+/fuvyTn/bvS/f9wdEb/a553QM/78Dg9iYmLiJ1JK7YgYrWD9QkS8JSJ+v9Pp9PPjOQC9liYmJn6h0Wj8t5zzGRVl+KVOp/OeinbDiins8BCazearI+JPKozwtZTSxe12+2MVZgBYlsnJyR8tiuLtEfH0qjKklD7QbrdfVNV+6AWFHY5iYmLiL1NKP1dxjA9HxBs7nc4XK84BcFTbt29/xOLi4m9FxKsjYriqHCmlL4+MjIw5NGW1U9jhKKampjbMz8/PRcQ5FUcpIuLjKaX/1G63r6s4C8APGR8f/2cppdenlF4T/T8qvb97IqLV6XQ+W3EOWDGFHY5Bq9XaknPeHREjVWeJiBz3Fvc/arfb03FvkQeoTKvVelLO+dUR8bKo5u7nh+ScX9ntdt9ZdQ7oBYUdjlGz2fzFiLg8avTvTUppX875vTnnK725D+inLVu2PGpoaOjFKaWXRMRTq85zP5d1Op1frjoE9EptigesBs1m840R8V+rzvFAUkpzEfG3OedrI6Lt22WAXtqxY8fQLbfc8tSlpaULGo3GhTnnC6Ke73P58MaNG5+/c+fOpaqDQK8o7HCcJiYmLkkpXVx1jqOYj4huznlXSmlvo9HYe+DAga/fcMMNC1UHA1aFRqvV2pRSOjfn/OSIaOWcz4+IDVUHO4rPjI6OPnN6etrL51hTFHY4fo1ms/neiHhx1UGOU5FS+kbOeX9E3H7kn/mIuDvnPF9tNKAiwymlh8e9T8pPP/LPoyNic9TjZud4XD86Onr+9PT0gaqDQK9V9lVLsIoVCwsLvzAyMnJaRDyz6jDHoZFz3hQRm+7/P6Tkv92BVW3/4uLiszudjrLOmtTvVwPDmjA3N3d4dHT0+RFxddVZAAbc1yPiadddd92+qoNAWep4LAKrwk033bRwyimnfGBkZORHUkpPqjoPwAC6oSiKp3e73ZuqDgJlUthhBW677bal/fv3f2jz5s0Pj4hm1XkABsj/WVhYeMZ11113W9VBoGwKO/TAvn37Prl58+Z7IuLp4ZgboGwfiYjn7dmz566qg0A/KOzQI/v27ZvZvHnzrRHxrHAfAlCWd27cuPFln/jEJ3xNLQPDk0DosVartSXn/IGIeGzVWQDWkHsi4g2dTueSqoNAvynsUIKtW7eePjQ09GcR8dNVZwFYA74YES/odDrXVx0EqqCwQ3lSs9m8OCL+IFbfC0gA6uLKgwcPvnLv3r0Hqw4CVVHYoWStVquZc35/RDym6iwAq8hdEfGrnU7niqqDQNUcnULJ9u3bt//xj3/85UtLS+siYmv49w7gaD60uLj4nNnZ2V1VB4E68IQd+mjr1q1PGB4evjTn/IyqswDU
0FcbjcbFMzMzH686CNSJwg4VmJiYeE5K6R0RsbHqLAA1sJBz/uP169f/3vT09D1Vh4G6UdihImNjY6eMjo7+Vs75VRFxUtV5ACqwFBEfTCn9Trvd/mrVYaCuFHao2Pj4+MlDQ0OvzDn/+4g4reo8AH1wOCL+otFovGlmZuZLVYeBulPYoSampqZOmp+ff3lE/PuIOLPqPAAlmI97n6j/R0/U4dgp7FAzY2NjJ4yOjr4s5/yyiNhSdR6AHrgpIq5cXFx8x3XXXfePVYeB1UZhhxprNps/llJ6Uc75JRFxTtV5AI7DHRHx0ZzzFd1u99MRkasOBKuVwg6rQ2NiYuL8iHhpo9F4Ts75jKoDATyAu1NKV+ec3zs6OvrXvvEFekNhh1Vo27Zt5xRFcWHO+cKIuDAiTq06EzCQFlNKnyuK4uqIuHr9+vW7lXToPYUdVrkdO3YM7du37ydTSk/LOf9ko9F4cs75ceGNqkDv7Y+I61NKn11aWppeXFycmZubu7vqULDWKeywBjWbzYdFxI/lnB8bEWc3Go2zi6I4M6V0ekScERGnR8T6uPdnwIYKowLVuyvu/ZrFxYi4PSJuTyndXhTFNyPippTS11NKNzUajS/u3r37O5UmhQH1fwFiYtgzpiU5kgAAAABJRU5ErkJggg==", ++++ "url": "https://github.com/crowdsecurity/cs-custom-bouncer", ++++ "description": "CrowdSec bouncer to use custom scripts", ++++ "stars": 1, ++++ "downloads": 81, ++++ "readme_content": "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", ++++ "version": "v0.0.6", ++++ "download_url": "https://github.com/crowdsecurity/cs-custom-bouncer/releases/tag/v0.0.6", ++++ "asset_url": "https://github.com/crowdsecurity/cs-custom-bouncer/releases/download/v0.0.6/cs-custom-bouncer.tgz", ++++ "status": "stable" ++++ }, ++++ { ++++ "name": "cs-cloud-firewall-bouncer", ++++ "author": "fallard84", ++++ "logo": "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", ++++ "url": "https://github.com/fallard84/cs-cloud-firewall-bouncer", ++++ "description": "Crowdsec Cloud Firewall Bouncer", ++++ "stars": 5, ++++ "downloads": 25, ++++ "readme_content": "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", ++++ "version": "v0.2.0", ++++ "download_url": "https://github.com/fallard84/cs-cloud-firewall-bouncer/releases/tag/v0.2.0", ++++ "asset_url": "https://github.com/fallard84/cs-cloud-firewall-bouncer/releases/download/v0.0.2/cs-cloud-firewall-bouncer.tgz", ++++ "status": "unstable" ++++ }, ++++ { ++++ "name": "caddy-crowdsec-bouncer", ++++ "author": "hslatman", ++++ "logo": 
"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", ++++ "url": "https://github.com/hslatman/caddy-crowdsec-bouncer", ++++ "description": "A Caddy module that blocks malicious traffic based on decisions made by CrowdSec.", ++++ "stars": 6, ++++ "downloads": 0, ++++ "readme_content": "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", ++++ "version": "no release", ++++ "download_url": "https://github.com/hslatman/caddy-crowdsec-bouncer/tags", ++++ "asset_url": "https://github.com/hslatman/caddy-crowdsec-bouncer/tags", ++++ "status": "development" ++++ }, ++++ { ++++ "name": "cs-haproxy-bouncer", ++++ "author": "hellracer", ++++ "logo": "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", ++++ "url": "https://github.com/hellracer/cs-haproxy-bouncer", ++++ "description": "a minimalist bouncer for haproxy", ++++ "stars": 6, ++++ "downloads": 0, ++++ "readme_content": "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", ++++ "version": "v1.0", ++++ "download_url": "https://github.com/hellracer/cs-haproxy-bouncer/releases/tag/v1.0", ++++ "asset_url": "https://api.github.com/repos/hellracer/cs-haproxy-bouncer/zipball/v1.0", ++++ "status": "stable" ++++ } ++++] diff --cc hub1/blockers/list.json index 0000000,0000000,0000000,0000000..1050b06 new file mode 100644 --- /dev/null 
+++ b/hub1/blockers/list.json @@@@@ -1,0 -1,0 -1,0 -1,0 +1,36 @@@@@ ++++[ ++++ { ++++ "name": "cs-nginx-bouncer", ++++ "author": "crowdsecurity", ++++ "logo": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAABmJLR0QA/wD/AP+gvaeTAAAJIElEQVR4nO2de3BU1R3HP+fukheQlJdVIAgiFKUIhSoEeeRBEqzN0KGBsRaTEHBaa4UAikAgBAkglPJsxzIdSAhFrGGYKaIhYReiVR61EEWLBErBgoISsLwSILv39A+GsToE9t69zzSff3N+5/fd882es7vn3N+BZppppplmmnEhhYWFSmFhoWK3jnAQdgvQS2rpY8NVVV0BRAhFTPVlba+wW5MeXGdA2rq0eNUjFkjJOL6pf5tQg5N9ub5/2aVND64xIK00raUaVF6QQr4IRDXS7DrIP0R4PXPKx5VftFKfXpxvgESMWJ/+lISXgXtCjKpFUNQ2OvZ3ZWPLgmbKCxdHG5C8Pv0RIVkBJOjs4oBETtmZU/mOkbqMxJEGJP7psc7eoLrwFvO8XrZ5FDmpMqvyuAF9GYqjDMhYkxFTH9EwXQp1Oohog7t35PrgsVsAABKR3HXkmIA3uBXBKBAtTMjiATEwqMrs7j/pfjmr31PVVVVV0oQ8mrD9HZBSPPJhFLkCyWAr8wrYjyLyfFnb37Uy7y102EPy+h93UmhYZOA8r5dtQSmeqxq//YQdyS1/4RlrMmKuRF1/TkhmA62szn9rZL2QYlW9GrngvQlbL1mZ2bo14OY83yL4FyHJBCIsy31HRAsEQ7xK0PL1wZJ3QGpp6g+DqmeFQD5qRb7wEX9XCebtytnxnumZzOw8dW1qR9XjmQtyIuC2Xy2lEGxWGzwv7Jz41qdmJTHFgITXx0RH11+cJCT5QGszclhInZCsDrS8VlQ1tuqy0Z0bbkBycVqGEGIV0NXovu1FfiYQs3zZFRsQGLY+GGZAUknaAAWxHBhqVJ8O5X2pyryduZW7jegsbAPSN6TfEwiKQpATcMo3a/ORQrAZEXzel+X7dzgd6TZgzOtjIs7XX3wGyUtAbDgiXEydkOI3V1q2XrxnbFm9ng50GXBjnldWgLxPT3wT5JSAfD3rgyYDktel9xcKy4FhmuT9nyAk+0DJ840v3xtyTKgNU9anr0WSQ5if5wfHJ5DZezQ92/UgyhtFXUMdJy+c4oMzH/JGzTbOXP4inO516QCoqT3C5kNb2HMy5LFrDBVBiT+7YkIojUM3oCQ97I9eEwfk8sT3xzb694AaoKS6lD9/XIY07pOeJh2vfvQa6w6UhJ3Dn1MR0tha9u10cHzCbQcfwKt4mTggl18P/JVtOp7s8wSDOg80Lf+3scyAzN6jQ247qlcGWX3H2aZDi9ZwscyAHu3u19Q+q984RvXKsEVHz3Y9Dc/bGJYZEO3VvsX77CPPMKSLsRtloeiIaWH0dnTjOPoXSkUozBw2g9539bZbimk42gCASE8E85PnEh8Xb7cUU3C8AQCxkbEsSVtEh5j2dksxHFcYANAhpj0LRxTRKsIh28gG4RoDALq16Uph0hxaeMw4NmQPrjIAoN/dfZn+6DSEsP1IkyG4zgCApG6JPD0gpJ9aHI8rDQAY2zuTnz5o3TdWs3CtAQC/fPhpUrun2C0jLFxtgEAwbfAUBnTsb7cU3TjOgI+//Iem9l7FS8HwfO5r080kRebiOAPy/QUc/+qEppiWES1ZNKKI77a6yxxRJuI4A65cv8Is32zOXjmrKa5dTDuWpC4iLirOJGXm4DgDAM7W1TLTN4fL17UdROsU24milHlEeRt7iNJ5ONIAgBP/OcHcXS/REGzQFPdA+17MHj4Tj3DHESXHGgDw4ZmDLH53KVJq2x8e1HkgkwY9a5IqY3G0AQBVJ95m9b7fa457vOeP+PlD
PzNBkbE43gCArTXb2Hxoi+a4nB9kMbJHugmKjMMVBgCsef+P7Djm1xQjEExNmMzgeL3PeZuPawyQSH67ezn7Pz+gKU4RCvnDZvBghwdMUhYerjEAbhzcmldVxD/PH9MUF+mNZH7KPOLjOpukTD+uMgCgrqGOfH8BX1z+UlNcXGQsC1Lmm6RKP64zAOBc3TmmV87gwtULmuI6tg612Ip1uNIAgM8ufU6+v4Crgat2SwkL1xoAcLi2hqK3FxGUji4JdFtcbQDA3lP7WLVX+xc1p+B6AwDePPIWGw9usluGLpqEAQAl1aVsP+q+wolNxgCJZNmelew+ucduKZpoMgYAqFJlwTsvc+jsJ3ZLCZkmZQDAtcA15vjncvLCKbulhESTMwDgwrWLzPLP4Xz9V3ZLuSNN0gCA05dOM9tfQH1A1/PTlmGZAaEMRF1DnaE5j5w7SsHOeQTUgKY4o3XcDssMOFJ79I5tamqPGJ63+vQHLNu9UtNjr2boaAzLDAhlR0vPrlcoVB7bQUl1acjtzdJxKywzYM/Jvbz60WuN/n3jwU3sO/U30/JvPLiJlXtX33EqNFvHt7H0SXm4cWIhs/dovtf+xqOgh8/WsPnQFstedNvoNiR1S2JIl8F0iYsnLiqO+kC94TpCfVJeS62Il5DyeRNKCjcxZD1CLPVnVxSE0lpbtRTnFFt1KpqLhOsaRLvKDTsVAfulZIp/fMVfdcTqRCKSS0ZmCiGXAl109+NuTgtkYZuYuLV6L4oIexoxueS8UzGsFL5h87gJly44FUMvCzJ8oJJK0wYqKitADDK6b5uplsg8o69DMec/9euLdxYDd5uSwzpMvRDI1KkixKunnEoDyFfMvvLEkrn6NpevOZVtEiVvZ065tjOQOrB0MEYUj0yUQi4H+lmZVwOfCEVMsfJaREs3ZHzjt1cNPZEwQEA2YE19ytA4hyCvbUxsH6vvpLRtOnDI+tAA8hVxTS3w/cKn7aCpQdg+HyduSL/fq7JQSsZYnNqHqkz255YfsjjvN7DdgJukrE9PApYj6WtmHgmHEXLqzuzKcjPzhIpjNuX92RW7hh5P6G/i+nAeQZ5677U+Thl8cNA74H9JLE78jpfIGVKQB0SG2V0DiOJgRIv8qiffqDVCn5E40oCbpBan9pCKsiCM9cGnQt6unAptFUAsxNEG3CS1ZGSKilwGPBRSgKBGSKb5cireNFdZ+LjCAIDEXYle76cRuRIxH2isLMp5KVjSLjp2ednYsutW6tOLawy4yZCNj7eJuh54UQqm8PVtfAEQ6yJUMbs8t1xbmRWbcZ0BN0krTusVFGIZgEfKqZXjKw/bramZZppppplmtPBfF3sPBXFW2BYAAAAASUVORK5CYII=" ++++ },{ ++++ "name": "cs-wordpress-bouncer", ++++ "author": "crowdsecurity", ++++ "logo": "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" ++++ }, ++++ { ++++ "name": "cs-firewall-bouncer", ++++ "author": "crowdsecurity", ++++ "logo": "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" ++++ }, ++++ { ++++ "name": "cs-custom-bouncer", ++++ "author": "crowdsecurity", ++++ "logo": "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" ++++ }, ++++ { ++++ "name": "cs-cloud-firewall-bouncer", ++++ "author": "fallard84", ++++ "logo": "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" ++++ }, ++++ { 
++++ "name": "caddy-crowdsec-bouncer",
++++ "author": "hslatman",
++++ "logo": "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"
++++ },
++++ {
++++ "name": "cs-haproxy-bouncer",
++++ "author": "hellracer",
++++ "logo": "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"
++++ }
++++]
diff --cc hub1/ci.go
index 0000000,0000000,0000000,0000000..8519c65
new file mode 100644
--- /dev/null
+++ b/hub1/ci.go
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,155 @@@@@
++++package main
++++
++++import (
++++ "crypto/sha256"
++++ "encoding/json"
++++ "flag"
++++ "fmt"
++++ "github.com/crowdsecurity/crowdsec/pkg/cwhub"
++++ "io"
++++ "io/ioutil"
++++ "log"
++++ "os"
++++)
++++
++++type typeInfo struct {
++++ Path string `json:"path"`
++++ Stage string `json:"stage,omitempty"`
++++ Version string `json:"version"`
++++ Versions map[string]versionInfo `json:"versions"`
++++ LongDescription string `json:"long_description,omitempty"`
++++ FileContent string `json:"content"`
++++ Description string `json:"description,omitempty"`
++++ Author string `json:"author,omitempty"`
++++ References []string `json:"references,omitempty"`
++++ Labels map[string]string `json:"labels"`
++++ Parsers []string `json:"parsers,omitempty"`
++++ PostOverflows []string `json:"postoverflows,omitempty"`
++++ Scenarios []string `json:"scenarios,omitempty"`
++++ Collections []string `json:"collections,omitempty"`
++++}
++++
++++type fileInfo struct {
++++ Description string `yaml:"description"`
++++ Author string `yaml:"author"`
++++ References []string `yaml:"references"`
++++ Labels map[string]string `json:"labels"`
++++ Parsers []string `yaml:"parsers,omitempty"`
++++ PostOverflows []string `yaml:"postoverflows,omitempty"`
++++ Scenarios []string `yaml:"scenarios,omitempty"`
++++ Collections []string `yaml:"collections,omitempty"`
++++}
++++
++++type versionInfo struct {
++++ Digest string `json:"digest"`
++++ Deprecated bool `json:"deprecated"`
++++}
++++
++++const (
++++ parsersFolder = "parsers/"
++++ scenariosFolder = "scenarios/"
++++ postoverflowsFolder = "postoverflows/"
++++ collectionsFolder = "collections/"
++++)
++++
++++var types = []string{
++++ "parsers",
++++ "scenarios",
++++ "postoverflows",
++++ "collections",
++++}
++++
++++func getSHA256(filepath string) (string, error) {
++++ /* Digest of file */
++++ f, err := os.Open(filepath)
++++ if err != nil {
++++ return "", fmt.Errorf("unable to open '%s' : %s", filepath, err.Error())
++++ }
++++
++++ defer f.Close()
++++
++++ h := sha256.New()
++++ if _, err := io.Copy(h, f); err != nil {
++++ return "", fmt.Errorf("unable to calculate sha256 of '%s': %s", filepath, err.Error())
++++ }
++++
++++ return fmt.Sprintf("%x", h.Sum(nil)), nil
++++}
++++
++++func main() {
++++ var generate bool
++++ var inputFile string
++++ var outFile string
++++ var target string
++++
++++ idx := make(map[string]map[string]typeInfo)
++++ tmpIdx := make(map[string]map[string]typeInfo)
++++
++++ flag.StringVar(&target, "target", "all", "decide what to generate : blockers|configs|all")
++++ flag.StringVar(&outFile, "output", ".index.json", "File to output index")
++++ flag.BoolVar(&generate, "generate", false, "File to output index")
++++ flag.StringVar(&inputFile, "input", ".index.json", "File to read index from")
++++ flag.Parse()
++++
++++ if target == "all" || target == "configs" {
++++ if generate == true {
++++ for _, t := range types {
++++ configType, err := generateIndex(t)
++++ if err != nil {
++++ panic(err)
++++ }
++++ idx[t] = configType
++++ }
++++ } else {
++++ // update .index file
++++ f, _ := ioutil.ReadFile(inputFile)
++++
++++ _ = json.Unmarshal([]byte(f), &tmpIdx)
++++
++++ for _, t := range types {
++++ updateIndex(t, idx, tmpIdx)
++++ }
++++ }
++++
++++ json, err := json.MarshalIndent(idx, "", " ")
++++ if err != nil {
++++ panic(err)
++++ }
++++ if err := ioutil.WriteFile(outFile, json, 0644); err != nil {
++++ log.Fatalf("failed writting new json index : %s", err)
++++ }
++++
++++ /*Check if the generated index is correct*/
++++ indexContent, err := ioutil.ReadFile(outFile)
++++ if err != nil {
++++ log.Fatalf("Unable to read index : %v", err)
++++ }
++++ _, err = cwhub.LoadPkgIndex(indexContent)
++++ if err != nil {
++++ log.Fatalf("Unable to load existing index : %v.", err)
++++ }
++++ }
++++ if target == "all" || target == "blockers" {
++++ blockers, err := LoadJSON("blockers/list.json")
++++ if err != nil {
++++ log.Fatalf("failed to load json : %s", err)
++++ }
++++ log.Printf("Loaded %d blockers", len(blockers))
++++ for x, blocker := range blockers {
++++ log.Printf("%d/%d", x+1, len(blockers))
++++
++++ updated, err := UpdateItem(blocker)
++++ if err != nil {
++++ log.Fatalf("failed to update %+v : %s", blocker, err)
++++ }
++++ blockers[x] = updated
++++ }
++++ log.Printf("Dumping updated items")
++++
++++ if err := DumpJSON("blockers.json", blockers); err != nil {
++++ log.Fatalf("failed to dump new json file : %s", err)
++++ }
++++ }
++++ return
++++
++++}
diff --cc hub1/collections/crowdsecurity/.tests/apache2/acquis.yaml
index 0000000,0000000,0000000,0000000..6988314
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/apache2/acquis.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++mode: cat
++++filenames:
++++ - ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log
++++labels:
++++ type: apache2
diff --cc hub1/collections/crowdsecurity/.tests/apache2/apache2.log
index 0000000,0000000,0000000,0000000..cb6fa66
new file mode 100644
--- /dev/null
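Review bot: In `main`, the update branch (the `else` of `if generate == true`) throws away both errors when loading the existing index — `f, _ := ioutil.ReadFile(inputFile)` and `_ = json.Unmarshal([]byte(f), &tmpIdx)` — so a missing, unreadable or malformed `.index.json` leaves `tmpIdx` empty and the run continues as if no index had existed. That file is where the per-version `digest` entries of `versionInfo` come from, so previously recorded hashes can drop out of the regenerated index without any message; what `updateIndex` does with an empty `tmpIdx` is not visible in this hunk, so the exact effect is inferred. Both calls should fail the run the way the later `log.Fatalf` checks do, as sketched below. Two smaller points on the same function: the `-generate` flag repeats the `-output` help string ("File to output index"), and `if generate == true` reads better as `if generate`.

```go
		} else {
			// update .index file
			f, err := ioutil.ReadFile(inputFile)
			if err != nil {
				log.Fatalf("unable to read index '%s' : %s", inputFile, err)
			}
			if err := json.Unmarshal(f, &tmpIdx); err != nil {
				log.Fatalf("unable to parse index '%s' : %s", inputFile, err)
			}
			// … unchanged: updateIndex loop over types …
```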
+++ b/hub1/collections/crowdsecurity/.tests/apache2/apache2.log
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-"
++++164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)"
++++195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
++++www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
diff --cc hub1/collections/crowdsecurity/.tests/iptables/acquis.yaml
index 0000000,0000000,0000000,0000000..495444c
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/iptables/acquis.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++mode: cat
++++filenames:
++++ - ./collections/crowdsecurity/.tests/iptables/iptables.log
++++labels:
++++ type: syslog
diff --cc hub1/collections/crowdsecurity/.tests/iptables/bucket_result.yaml
index 0000000,0000000,0000000,0000000..6348a25
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/iptables/bucket_result.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,329 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 10a3ef02f2011534975441766719a68c88af1738 ++++ Sources: ++++ 42.42.42.93: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 42.42.42.93 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 42.42.42.93 ++++ Alert: ++++ capacity: 15 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: 
tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ eventscount: 16 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 5s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/iptables-scan-multi_ports ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 42.42.42.93 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 42.42.42.93 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 15 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: 
iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: 
iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ eventscount: 16 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 5s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/iptables-scan-multi_ports ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 42.42.42.93 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 42.42.42.93 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/collections/crowdsecurity/.tests/iptables/config.yaml index 0000000,0000000,0000000,0000000..c31610a new file mode 100644 --- /dev/null 
+++ b/hub1/collections/crowdsecurity/.tests/iptables/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@
++++#configuration
++++acquisition_file: acquis.yaml
++++parser_results: parser_results.yaml
++++bucket_results: bucket_result.yaml
++++postoverflow_input: po_input.yaml
++++marshaled_time_year: 2020
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/iptables-logs
++++ - crowdsecurity/syslog-logs
++++ - crowdsecurity/dateparse-enrich
++++ scenarios:
++++ - crowdsecurity/iptables-scan-multi_ports
diff --cc hub1/collections/crowdsecurity/.tests/iptables/iptables.log
index 0000000,0000000,0000000,0000000..8d9933c
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/iptables/iptables.log @@@@@ -1,0 -1,0 -1,0 -1,0 +1,563 @@@@@ ++++Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ++++Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: 
[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 
sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 
++++Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 
RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP 
SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 
ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: 
[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 
14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 
RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP 
SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: 
[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 
14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 
RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 
DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 
PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: 
[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 
17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 
RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP 
SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: 
[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 
14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 
SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 
WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 
PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: 
[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 
14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 
RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP 
SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 
ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: 
[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 
14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 
RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP 
SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 
ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: 
[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 
14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN 
URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 
WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 
PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ++++Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0
++++Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0
++++Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0
++++Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0
diff --cc hub1/collections/crowdsecurity/.tests/iptables/parser_results.yaml
index 0000000,0000000,0000000,0000000..deaee24
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/iptables/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,70377 @@@@@ ++++provisionalresults: ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:31 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:31 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "52809" ++++ timestamp: Dec 17 14:31:31 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:31 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "52809" ++++ timestamp: Dec 17 14:31:31 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:31Z" ++++ StrTime: Dec 17 14:31:31 ++++ MarshaledTime: "2020-12-17T14:31:31Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:31 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:31 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "443" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "52809" ++++ timestamp: Dec 17 14:31:31 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:31 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "443" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "52809" ++++ timestamp: Dec 17 14:31:31 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:31Z" ++++ StrTime: Dec 17 14:31:31 ++++ MarshaledTime: "2020-12-17T14:31:31Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 
'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: 
"" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.052961] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ 
source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 
14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: 
syslog ++++ message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log 
++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053512] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ 
timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ 
message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054429] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ 
Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" 
++++ program: kernel ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:32 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054922] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: 
syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ 
StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.151918] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 
14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ 
s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" 
++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 
'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ 
dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ 
MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: 
++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ 
length: "44" ++++ logsource: syslog ++++ message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: 
"2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: 
TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53076" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53076" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: 
syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 
sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255005] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ 
Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 
++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog 
++++ message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ 
time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: 
Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "443" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "443" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256005] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog 
++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: 
++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ 
StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.256448] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 
14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ 
timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.445896] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog 
++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ 
StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446369] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: 
++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 
++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 
ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ 
timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446449] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog 
++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: 
"" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 
'[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446933] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ 
message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ 
timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.448413] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ 
source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 
14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: 
syslog ++++ message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "22" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ 
time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "22" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547526] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549485] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ 
timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel 
++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "22" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647405] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "22" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 
'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: 
"" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ 
source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 
14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: 
syslog ++++ message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log 
++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650423] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" 
++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651367] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ 
timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel 
++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751471] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: 
Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ 
logsource: syslog ++++ message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 
kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752367] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ 
message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ 
timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: 
"" ++++ logsource: syslog ++++ message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752894] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" 
++++ logsource: syslog ++++ message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: 
"2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ 
type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 
17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: 
++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 
DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ 
int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ 
MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP 
SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: 
syslog ++++ message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: 
++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 
DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: 
enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ 
MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" 
++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP 
SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 
ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ 
facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ 
MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:33 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: 
"" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.952935] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ 
timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: 
[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel 
++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953855] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log 
++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: 
iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ 
src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ 
Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:34 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53077" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53077" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051910] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ 
timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052378] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ 
timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel 
++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077937] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ 
message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" 
++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078446] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ 
timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153394] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153449] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ 
type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 
++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: 
"" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 
'[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 
14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ 
timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154382] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog 
++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: 
"" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 
'[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ 
timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 
ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ 
timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180474] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog 
++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: 
"" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 
'[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180845] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ 
source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 
14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: 
syslog ++++ message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.253887] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257374] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ 
type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 
++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ 
timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ 
message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ 
time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257470] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: 
++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ 
timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 
'[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279341] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: 
syslog ++++ message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log 
++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: 
iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: 
"53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282386] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ 
timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: 
"" ++++ logsource: syslog ++++ message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 
kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352426] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: 
"53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ 
Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.353370] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" 
++++ logsource: syslog ++++ message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" 
++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 
PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 
++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: 
"44" ++++ logsource: syslog ++++ message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: 
++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 
++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" 
++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP 
SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: 
syslog ++++ message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: 
++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 
DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: 
enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP 
SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 
ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ 
facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP 
SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 
++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP 
SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 
ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ 
facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" 
++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 
PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ 
Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: 
"44" ++++ logsource: syslog ++++ message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: 
++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 
++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" 
++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP 
SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 
ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" 
++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 
' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 
++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: 
"" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 
PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ 
Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: 
"44" ++++ logsource: syslog ++++ message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 
ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ 
facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" 
++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP 
SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 
ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ 
facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: 
++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 
DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: 
enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP 
SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: 
syslog ++++ message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: 
++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 
DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: 
enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP 
SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 
ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ 
facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ 
type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 
kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel 
++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719839] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: 
"" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: 
iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: 
"53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel 
++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723851] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ 
message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.781866] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782457] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783409] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: 
++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 
DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: 
enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP 
SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 
ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ 
facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP 
SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: 
s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ 
crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 
ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ 
facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP 
SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: 
"" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: 
++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 
DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: 
enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log 
++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: 
iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ 
src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ 
Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953849] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" 
++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956365] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:35 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ 
timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ 
message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ 
time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ 
src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981354] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ 
message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982367] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ 
source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 
14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: 
syslog ++++ message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053860] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055994] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080392] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: 
syslog ++++ message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log 
++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: 
iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: 
TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080858] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ 
Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156856] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158424] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: 
iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ 
src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true 
++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180859] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ 
timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ 
logsource: syslog ++++ message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel 
++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181861] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3128" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3128" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3128" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3128" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.255345] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 
17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" 
++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256425] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: 
tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 
14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: 
syslog ++++ message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280875] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ 
message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ 
timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: 
"" ++++ logsource: syslog ++++ message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281883] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ 
Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53078" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53078" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel 
++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355863] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
facility: "" ++++ logsource: syslog ++++ message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356847] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ 
message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ 
timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" 
++++ logsource: syslog ++++ message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381367] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich 
++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ 
pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog 
++++ message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: 
tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 
14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: 
syslog ++++ message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: 
kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382846] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:36 sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ 
program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.383342] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- s00-raw: ++++ crowdsecurity/syslog-logs: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: 
++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ StrTime: Dec 17 14:31:36 ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618940.661938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=26921 PROTO=TCP SPT=52809 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "52809" ++++ timestamp: Dec 17 14:31:31 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:31Z" ++++ StrTime: Dec 17 14:31:31 ++++ MarshaledTime: "2020-12-17T14:31:31Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:31 sd-126005 kernel: [66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "443" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618940.662391] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=16966 PROTO=TCP SPT=52809 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "52809" ++++ timestamp: Dec 17 14:31:31 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:31Z" ++++ StrTime: Dec 17 14:31:31 ++++ MarshaledTime: "2020-12-17T14:31:31Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.052919] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.052961] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21005 PROTO=TCP SPT=53065 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053010] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053030] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=11372 PROTO=TCP SPT=53065 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=28944 PROTO=TCP SPT=53065 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" 
++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053456] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618941.053473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=17445 PROTO=TCP SPT=53065 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053529] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5948 PROTO=TCP SPT=53065 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: 
"" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.053896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31577 PROTO=TCP SPT=53065 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=1732 PROTO=TCP SPT=53065 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" 
++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054429] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=27362 PROTO=TCP SPT=53065 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ 
Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:32 sd-126005 kernel: [66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618941.054922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=7677 PROTO=TCP SPT=53065 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:32 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ StrTime: Dec 17 14:31:32 ++++ MarshaledTime: "2020-12-17T14:31:32Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.149948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.149991] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47324 PROTO=TCP SPT=53066 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 
PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151918] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151950] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63400 PROTO=TCP SPT=53066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 
17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.151995] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ 
Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152012] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=21847 PROTO=TCP SPT=53066 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45327 PROTO=TCP SPT=53066 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152422] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152422] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=65406 PROTO=TCP SPT=53066 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152859] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11370 PROTO=TCP SPT=53066 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152930] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=43957 PROTO=TCP SPT=53066 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152964] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.152980] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=42393 PROTO=TCP SPT=53066 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" 
++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.153388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.153404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=17239 PROTO=TCP SPT=53066 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 
++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618942.246912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36687 PROTO=TCP SPT=53076 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53076" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.254936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.254957] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=2707 PROTO=TCP SPT=53065 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 
ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=9039 PROTO=TCP SPT=53065 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255411] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 
17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255414] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ 
Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=4604 PROTO=TCP SPT=53065 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=21152 PROTO=TCP SPT=53065 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: 
iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255905] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255905] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=52911 PROTO=TCP SPT=53065 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.255965] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.255965] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=9177 PROTO=TCP SPT=53065 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "443" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256005] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=39157 PROTO=TCP SPT=53065 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=65075 PROTO=TCP SPT=53065 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.256466] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24552 PROTO=TCP SPT=53065 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.351410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.351424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=63568 PROTO=TCP SPT=53066 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 
1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.445896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.445911] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=44 ID=42946 PROTO=TCP SPT=53066 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446369] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=5294 PROTO=TCP SPT=53066 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ 
timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55671 PROTO=TCP SPT=53066 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ 
process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11447 PROTO=TCP SPT=53066 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: 
++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446864] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=49319 PROTO=TCP SPT=53065 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446891] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446903] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446903] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=52041 PROTO=TCP SPT=53066 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.446944] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=26939 PROTO=TCP SPT=53066 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37862 PROTO=TCP SPT=53065 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447440] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" 
++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.447453] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=29147 PROTO=TCP SPT=53065 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.448399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 
++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.448413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19463 PROTO=TCP SPT=53065 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.546912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 
TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.546926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21009 PROTO=TCP SPT=53065 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 
TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=11383 PROTO=TCP SPT=53065 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ 
timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "22" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=59524 PROTO=TCP SPT=53065 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ 
process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547515] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547526] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=29613 PROTO=TCP SPT=53065 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: 
++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.547883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.547883] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17466 PROTO=TCP SPT=53066 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549413] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=10108 PROTO=TCP SPT=53066 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=22112 PROTO=TCP SPT=53065 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=10305 PROTO=TCP SPT=53066 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=62132 PROTO=TCP SPT=53065 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549922] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.549933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=42038 PROTO=TCP SPT=53066 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "22" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=38787 PROTO=TCP SPT=53066 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647447] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=2746 PROTO=TCP SPT=53066 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" 
++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=10328 PROTO=TCP SPT=53066 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ 
process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.647926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=13847 PROTO=TCP SPT=53066 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ 
log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650423] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=51466 PROTO=TCP SPT=53066 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650879] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=4934 PROTO=TCP SPT=53065 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=24647 PROTO=TCP SPT=53065 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650948] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.650959] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13682 PROTO=TCP SPT=53066 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651381] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=36646 PROTO=TCP SPT=53065 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=45920 PROTO=TCP SPT=53065 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651909] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.651920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53823 PROTO=TCP SPT=53065 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751471] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=2612 PROTO=TCP SPT=53065 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ 
src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751872] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: 
++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=43986 PROTO=TCP SPT=53065 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751915] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: 
true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=6902 PROTO=TCP SPT=53065 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618942.751955] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.751966] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=61323 PROTO=TCP SPT=53065 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: 
[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=64615 PROTO=TCP SPT=53066 DPT=2557 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5874 PROTO=TCP SPT=53066 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ 
MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752458] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=17769 PROTO=TCP SPT=53066 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 
++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=46448 PROTO=TCP SPT=53066 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.752936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56561 PROTO=TCP SPT=53065 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753368] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=18227 PROTO=TCP SPT=53066 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.753421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20655 PROTO=TCP SPT=53065 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13466 PROTO=TCP SPT=53066 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: 
"2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.847862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618942.847877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=48855 PROTO=TCP SPT=53066 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 
sd-126005 kernel: [66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848898] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=8240 PROTO=TCP SPT=53066 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848933] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.848946] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=27782 PROTO=TCP SPT=53066 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.849372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.849387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=44015 PROTO=TCP SPT=53066 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ 
Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.850889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ 
dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.850904] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=20430 PROTO=TCP SPT=53066 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851361] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp 
++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58492 PROTO=TCP SPT=53065 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851410] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851410] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851423] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=25226 PROTO=TCP SPT=53065 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851491] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851491] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851505] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=43292 PROTO=TCP SPT=53065 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:33 sd-126005 kernel: [66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618942.851884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=60598 PROTO=TCP SPT=53065 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:33 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ StrTime: Dec 17 14:31:33 ++++ MarshaledTime: "2020-12-17T14:31:33Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.952908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.952935] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=56711 PROTO=TCP SPT=53066 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=12918 PROTO=TCP SPT=53066 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953418] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3936 PROTO=TCP SPT=53066 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953468] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953489] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=9259 PROTO=TCP SPT=53066 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 
++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "10629" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.953868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=37279 PROTO=TCP SPT=53067 DPT=10629 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2393" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=7568 PROTO=TCP SPT=53067 DPT=2393 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ 
Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618943.954415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:34 sd-126005 kernel: [66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1174" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618943.954427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=49596 PROTO=TCP SPT=53067 DPT=1174 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:34 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ StrTime: Dec 17 14:31:34 ++++ MarshaledTime: "2020-12-17T14:31:34Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618944.049409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32937 PROTO=TCP SPT=53077 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53077" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051910] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2106" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051924] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44360 PROTO=TCP SPT=53067 DPT=2106 WINDOW=1024 RES=0x00 SYN URGP=0 ' 
++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051956] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.051967] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=19007 PROTO=TCP SPT=53067 DPT=7025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"264" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=45967 PROTO=TCP SPT=53067 DPT=264 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24800" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39778 PROTO=TCP SPT=53067 DPT=24800 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3030" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10156 PROTO=TCP SPT=53067 DPT=3030 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "407" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.052444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=59505 PROTO=TCP SPT=53067 DPT=407 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077892] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ 
src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8192" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077906] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9373 PROTO=TCP SPT=53067 DPT=8192 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ 
type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "512" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.077949] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=56059 PROTO=TCP SPT=53067 DPT=512 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true 
++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5051" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.078364] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=10654 PROTO=TCP SPT=53067 DPT=5051 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2557" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078407] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=34768 PROTO=TCP SPT=53067 DPT=2557 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1055" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078446] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19037 PROTO=TCP SPT=53067 DPT=1055 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078473] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1533" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078485] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59379 PROTO=TCP SPT=53067 DPT=1533 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ 
dst_port: "256" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.078871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=37746 PROTO=TCP SPT=53067 DPT=256 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.079353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 
++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1087" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.079366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25643 PROTO=TCP SPT=53067 DPT=1087 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "993" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153412] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3771 PROTO=TCP SPT=53067 DPT=993 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153449] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "554" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153463] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=64314 PROTO=TCP SPT=53067 DPT=554 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ 
src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153499] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ 
type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "139" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153512] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=61795 PROTO=TCP SPT=53067 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153543] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ 
Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8888" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.153557] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=3 PROTO=TCP SPT=53067 DPT=8888 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154367] IN=enp1s0 
OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1025" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=35151 PROTO=TCP SPT=53067 DPT=1025 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154845] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5900" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.154860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44176 PROTO=TCP SPT=53067 DPT=5900 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "445" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=863 PROTO=TCP SPT=53067 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "587" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=60840 PROTO=TCP SPT=53067 DPT=587 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180474] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180486] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35713 PROTO=TCP SPT=53067 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180517] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1720" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180529] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=39355 PROTO=TCP SPT=53067 DPT=1720 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "111" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=23787 PROTO=TCP SPT=53067 DPT=111 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ 
src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.180883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15612 PROTO=TCP SPT=53067 DPT=135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ 
type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181340] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "110" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57696 PROTO=TCP SPT=53067 DPT=110 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true 
++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.181382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1723" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.181393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=10534 PROTO=TCP SPT=53067 DPT=1723 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.253887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.253902] 
IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "53" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.253902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=15739 PROTO=TCP SPT=53067 DPT=53 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257374] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: 
"" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "113" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257389] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=54114 PROTO=TCP SPT=53067 DPT=113 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3306" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257432] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=55989 PROTO=TCP SPT=53067 DPT=3306 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "995" 
++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257470] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=20758 PROTO=TCP SPT=53067 DPT=995 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257496] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ 
Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "199" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257508] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=9311 PROTO=TCP SPT=53067 DPT=199 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "21" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.257857] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=22754 PROTO=TCP SPT=53067 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 
ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.278895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "143" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.278910] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=11918 PROTO=TCP SPT=53067 DPT=143 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: 
Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279341] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: 
true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3389" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60660 PROTO=TCP SPT=53067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ 
log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=22518 PROTO=TCP SPT=53065 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279884] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.279896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32091 PROTO=TCP SPT=53067 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282384] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282384] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282399] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62716 PROTO=TCP SPT=53065 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=55092 PROTO=TCP SPT=53065 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.282878] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7092 PROTO=TCP SPT=53065 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=22356 PROTO=TCP SPT=53065 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352438] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37504 PROTO=TCP SPT=53065 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352836] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=33164 PROTO=TCP SPT=53065 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ 
src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.352907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=16518 PROTO=TCP SPT=53065 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.353357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.353370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=45991 PROTO=TCP SPT=53065 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.355921] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=56903 PROTO=TCP SPT=53065 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379419] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=61344 PROTO=TCP SPT=53065 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379451] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP 
SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379462] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=31351 PROTO=TCP SPT=53066 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 
DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379490] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379502] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=20231 PROTO=TCP SPT=53065 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ 
timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379534] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.379545] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=48502 PROTO=TCP SPT=53065 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=13692 PROTO=TCP SPT=53065 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380852] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.380865] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=5706 PROTO=TCP SPT=53066 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381365] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=56353 PROTO=TCP SPT=53066 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.381420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=49235 PROTO=TCP SPT=53066 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=59695 PROTO=TCP SPT=53066 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=3585 PROTO=TCP SPT=53066 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=43087 PROTO=TCP SPT=53066 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.452942] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=57388 PROTO=TCP SPT=53066 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453352] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ 
src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=47706 PROTO=TCP SPT=53066 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.453855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=41171 PROTO=TCP SPT=53066 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" 
++++ logsource: syslog ++++ message: '[66618944.479392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=8287 PROTO=TCP SPT=53066 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=39498 PROTO=TCP SPT=53066 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP 
SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28828 PROTO=TCP SPT=53066 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 
DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.479894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=32209 PROTO=TCP SPT=53066 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ 
timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: 
++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16080" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480358] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43341 PROTO=TCP SPT=53067 DPT=16080 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop 
++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1062" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.480860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=57357 PROTO=TCP SPT=53067 DPT=1062 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481360] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1069" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=59674 PROTO=TCP SPT=53067 DPT=1069 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481436] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481436] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5440" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.481450] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=44572 PROTO=TCP SPT=53067 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552888] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "55600" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=45754 PROTO=TCP SPT=53067 DPT=55600 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3689" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.552920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=62955 PROTO=TCP SPT=53067 DPT=3689 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: 
"44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "44176" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=34700 PROTO=TCP SPT=53067 DPT=44176 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554927] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "23502" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.554938] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=22568 PROTO=TCP SPT=53067 DPT=23502 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=56208 PROTO=TCP SPT=53067 DPT=6009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6646" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.555403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=7007 PROTO=TCP SPT=53067 DPT=6646 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.580881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "12000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.580895] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=24214 PROTO=TCP SPT=53067 DPT=12000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581339] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4129" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: 
"44" ++++ logsource: syslog ++++ message: '[66618944.581351] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31872 PROTO=TCP SPT=53067 DPT=4129 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581378] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "6969" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=15727 PROTO=TCP SPT=53067 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581420] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 
DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5915" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=19909 PROTO=TCP SPT=53067 DPT=5915 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.581855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=64020 PROTO=TCP SPT=53065 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" 
++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ 
dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5834 PROTO=TCP SPT=53065 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ 
source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20632 PROTO=TCP SPT=53065 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.582401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=60395 PROTO=TCP SPT=53065 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.673897] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.673912] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=3798 PROTO=TCP SPT=53065 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.674346] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.674359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=20726 PROTO=TCP SPT=53065 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683388] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683403] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=21455 PROTO=TCP SPT=53065 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.683843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.683855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=4183 PROTO=TCP SPT=53065 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 
sd-126005 kernel: [66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684343] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=36370 PROTO=TCP SPT=53065 DPT=5060 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.684393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=46179 PROTO=TCP SPT=53065 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.718886] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ 
Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.718901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=13879 PROTO=TCP SPT=53066 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 
51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719330] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=52769 PROTO=TCP SPT=53065 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719839] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=6867 PROTO=TCP SPT=53065 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719877] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.719889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10429 PROTO=TCP SPT=53065 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3001 PROTO=TCP SPT=53065 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ 
time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723851] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.723863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=53098 PROTO=TCP SPT=53066 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: 
"44" ++++ logsource: syslog ++++ message: '[66618944.723864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=1053 PROTO=TCP SPT=53066 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.724344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:35 sd-126005 kernel: [66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.724356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=11254 PROTO=TCP SPT=53066 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.780887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 
DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.780902] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10737 PROTO=TCP SPT=53066 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.781866] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.781901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=10794 PROTO=TCP SPT=53066 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ 
timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=41061 PROTO=TCP SPT=53066 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782417] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=53322 PROTO=TCP SPT=53066 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782445] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782445] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782457] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=31174 PROTO=TCP SPT=53066 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782844] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5179 PROTO=TCP SPT=53066 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ 
priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.782896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27475 PROTO=TCP SPT=53066 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783376] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=32032 PROTO=TCP SPT=53066 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" 
++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783409] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783421] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=15390 PROTO=TCP SPT=53066 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.783460] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53695 PROTO=TCP SPT=53066 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.784357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "668" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.784371] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=8278 PROTO=TCP SPT=53067 DPT=668 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ 
src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9968" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812394] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21014 PROTO=TCP SPT=53067 DPT=9968 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: 
++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1154" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812437] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48843 PROTO=TCP SPT=53067 DPT=1154 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ 
Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.812469] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3333" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618944.812481] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=35037 PROTO=TCP SPT=53067 DPT=3333 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: 
[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9418" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=30376 PROTO=TCP SPT=53067 DPT=9418 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874448] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1075" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874459] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=22384 PROTO=TCP SPT=53067 DPT=1075 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874833] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1034" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.874845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=25457 PROTO=TCP SPT=53067 DPT=1034 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 
++++ dst_port: "4006" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875366] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40785 PROTO=TCP SPT=53067 DPT=4006 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3971" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=64076 PROTO=TCP SPT=53067 DPT=3971 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875433] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5060" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.875444] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=33279 PROTO=TCP SPT=53067 DPT=5060 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "18040" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=3453 PROTO=TCP SPT=53067 DPT=18040 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ 
src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880415] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "30" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880426] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=55395 PROTO=TCP SPT=53067 DPT=30 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880830] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2119" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880842] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=50820 PROTO=TCP SPT=53067 DPT=2119 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.880870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1259" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.880881] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=51884 PROTO=TCP SPT=53067 DPT=1259 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 
sd-126005 kernel: [66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=31472 PROTO=TCP SPT=53065 DPT=82 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881831] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=18935 PROTO=TCP SPT=53065 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881873] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ 
MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.881885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=531 PROTO=TCP SPT=53065 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ 
dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.882385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.882405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25511 PROTO=TCP SPT=53065 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 
++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953434] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=44329 PROTO=TCP SPT=53065 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.953862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=45663 PROTO=TCP SPT=53065 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.954871] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ 
src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.954884] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=20756 PROTO=TCP SPT=53065 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.955860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.955874] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33563 PROTO=TCP SPT=53065 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: 
"2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956353] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618944.956365] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=30095 PROTO=TCP SPT=53065 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 sd-126005 kernel: [66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956397] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:35 
sd-126005 kernel: [66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.956408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=5421 PROTO=TCP SPT=53065 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:35 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ StrTime: Dec 17 14:31:35 ++++ MarshaledTime: "2020-12-17T14:31:35Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980400] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=31900 PROTO=TCP SPT=53066 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 
SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.980862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=25405 PROTO=TCP SPT=53065 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ 
Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 
51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=59263 PROTO=TCP SPT=53065 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981826] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ 
source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981837] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7121 PROTO=TCP SPT=53065 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981864] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.981876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=45771 PROTO=TCP SPT=53065 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982355] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=42164 PROTO=TCP SPT=53066 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ 
time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982406] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=9953 PROTO=TCP SPT=53066 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982843] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ 
MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618944.982856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=35212 PROTO=TCP SPT=53066 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" 
++++ logsource: syslog ++++ message: '[66618945.053387] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053402] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=16126 PROTO=TCP SPT=53066 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 
14:31:36 sd-126005 kernel: [66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053860] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.053894] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=45197 PROTO=TCP SPT=53066 
DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055879] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055893] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=45041 PROTO=TCP SPT=53066 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055926] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ 
timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055937] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=35828 PROTO=TCP SPT=53066 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ 
action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055982] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.055994] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=60605 PROTO=TCP SPT=53066 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ 
service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.056363] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.056375] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.056375] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=18122 PROTO=TCP SPT=53066 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.079863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.079876] IN=enp1s0 OUT= 
MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.079876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=12964 PROTO=TCP SPT=53066 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080350] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" 
++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080362] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=12565 PROTO=TCP SPT=53066 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: 
./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080392] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=9173 PROTO=TCP SPT=53066 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: 
"2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080431] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ 
dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080443] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56513 PROTO=TCP SPT=53066 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080838] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "82" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080852] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 
LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7723 PROTO=TCP SPT=53067 DPT=82 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "903" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.080858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=3999 PROTO=TCP SPT=53067 DPT=903 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 
PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082382] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1277" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082395] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47718 PROTO=TCP SPT=53067 DPT=1277 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: 
"53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082427] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: 
syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1022" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.082439] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=64264 PROTO=TCP SPT=53067 DPT=1022 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true 
++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2009" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156404] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=34934 PROTO=TCP SPT=53067 DPT=2009 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618945.156856] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2135" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.156869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58179 PROTO=TCP SPT=53067 DPT=2135 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.157868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3260" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.157882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40118 PROTO=TCP SPT=53067 DPT=3260 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "7741" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158380] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=45385 PROTO=TCP SPT=53067 DPT=7741 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ 
MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4125" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158424] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=41031 PROTO=TCP SPT=53067 DPT=4125 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 
++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158841] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "9103" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.158853] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21409 PROTO=TCP SPT=53067 DPT=9103 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180390] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "24444" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180405] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14992 PROTO=TCP SPT=53067 DPT=24444 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180845] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180855] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "31038" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=32230 PROTO=TCP SPT=53067 DPT=31038 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ 
proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "2161" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180868] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=50127 PROTO=TCP SPT=53067 DPT=2161 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ 
time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180889] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3784" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.180901] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=52699 PROTO=TCP SPT=53067 DPT=3784 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ 
MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181373] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618945.181385] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=39299 PROTO=TCP SPT=53065 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181848] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 
sd-126005 kernel: [66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.181861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=1486 PROTO=TCP SPT=53065 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182360] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=41117 PROTO=TCP SPT=53065 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.182859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=55019 PROTO=TCP SPT=53065 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ 
Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3128" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.254882] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 
51.15.166.67 ++++ dst_port: "3128" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.254896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=56616 PROTO=TCP SPT=53065 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.255345] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 
42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.255357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=638 PROTO=TCP SPT=53065 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256370] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256383] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=17341 PROTO=TCP SPT=53065 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256401] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=41301 PROTO=TCP SPT=53065 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ 
src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256413] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256425] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39511 PROTO=TCP SPT=53065 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256849] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ 
MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.256861] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=59707 PROTO=TCP SPT=53065 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" 
++++ logsource: syslog ++++ message: '[66618945.280372] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280386] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=19030 PROTO=TCP SPT=53066 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 
sd-126005 kernel: [66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280835] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=19231 PROTO=TCP SPT=53065 DPT=1166 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280875] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280887] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21935 PROTO=TCP SPT=53065 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280914] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ 
Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.280925] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=30213 PROTO=TCP SPT=53065 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 
51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281359] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=38092 PROTO=TCP SPT=53065 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53065" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ 
source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281869] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.281883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=43580 PROTO=TCP SPT=53066 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282862] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282876] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=58412 PROTO=TCP SPT=53066 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282908] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 
42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.282920] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=44382 PROTO=TCP SPT=53066 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "80" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "40" ++++ logsource: syslog ++++ message: '[66618945.355393] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=34 ID=43247 PROTO=TCP SPT=53078 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53078" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355850] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" 
++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5414" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355863] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=9024 PROTO=TCP SPT=53066 DPT=5414 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: 
'[66618945.355896] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4998" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355907] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=26819 PROTO=TCP SPT=53066 DPT=4998 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: 
[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355936] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4567" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.355947] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=41140 PROTO=TCP SPT=53066 DPT=4567 WINDOW=1024 
RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356334] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN 
URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "3551" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356347] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=40874 PROTO=TCP SPT=53066 DPT=3551 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356847] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ 
MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "16000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.356859] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=9300 PROTO=TCP SPT=53066 DPT=16000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 
++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380867] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380870] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 
++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "777" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380883] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=29673 PROTO=TCP SPT=53066 DPT=777 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1721" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.380885] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=47575 PROTO=TCP SPT=53066 DPT=1721 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381354] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 
DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "1166" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381367] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=40723 PROTO=TCP SPT=53066 DPT=1166 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381396] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ 
src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5802" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381408] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=22808 PROTO=TCP SPT=53066 DPT=5802 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53066" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 
0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381832] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "90" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.381844] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28420 PROTO=TCP SPT=53067 DPT=90 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: 
"2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382344] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "5102" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ 
logsource: syslog ++++ message: '[66618945.382356] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=17357 PROTO=TCP SPT=53067 DPT=5102 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382846] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 
sd-126005 kernel: [66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "705" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.382858] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=8271 PROTO=TCP SPT=53067 DPT=705 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.383342] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 
WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 17 14:31:36 sd-126005 kernel: [66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ Src: ./collections/crowdsecurity/.tests/iptables/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "4000" ++++ facility: "" ++++ int_eth: enp1s0 ++++ length: "44" ++++ logsource: syslog ++++ message: '[66618945.383357] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=42.42.42.93 DST=51.15.166.67 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=53657 PROTO=TCP SPT=53067 DPT=4000 WINDOW=1024 RES=0x00 SYN URGP=0 ' ++++ pid: "" ++++ priority: "" ++++ program: kernel ++++ proto: TCP ++++ src_ip: 42.42.42.93 ++++ src_port: "53067" ++++ timestamp: Dec 17 14:31:36 ++++ timestamp8601: "" ++++ Enriched: ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ StrTime: Dec 17 14:31:36 ++++ MarshaledTime: "2020-12-17T14:31:36Z" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 42.42.42.93 diff --cc hub1/collections/crowdsecurity/.tests/iptables/po_input.yaml index 0000000,0000000,0000000,0000000..6348a25 new file mode 100644 --- /dev/null 
+++ b/hub1/collections/crowdsecurity/.tests/iptables/po_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,329 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 10a3ef02f2011534975441766719a68c88af1738 ++++ Sources: ++++ 42.42.42.93: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 42.42.42.93 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 42.42.42.93 ++++ Alert: ++++ capacity: 15 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp 
++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ eventscount: 16 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 5s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/iptables-scan-multi_ports ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 42.42.42.93 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 42.42.42.93 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 15 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: 
iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: 
iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ - meta: ++++ - key: log_type ++++ value: iptables_drop ++++ - key: service ++++ value: tcp ++++ - key: source_ip ++++ value: 42.42.42.93 ++++ timestamp: "2020-12-17T14:31:33Z" ++++ eventscount: 16 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 5s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/iptables-scan-multi_ports ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 42.42.42.93 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 42.42.42.93 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/collections/crowdsecurity/.tests/mysql/acquis.yaml index 0000000,0000000,0000000,0000000..392ac69 new file mode 100644 --- /dev/null +++ b/hub1/collections/crowdsecurity/.tests/mysql/acquis.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@ ++++mode: cat ++++filenames: ++++ - ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log ++++labels: ++++ type: mysql diff --cc hub1/collections/crowdsecurity/.tests/mysql/mysql.log index 0000000,0000000,0000000,0000000..1a7caea new file mode 100644 --- /dev/null 
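Review bot: The `filenames` entry in `.tests/mysql/acquis.yaml` points at `./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log`, not at the `mysql.log` this commit adds beside it under `collections/crowdsecurity/.tests/mysql/`. As far as the visible hunks show, the sibling log is therefore never read by this collection test. The nginx, postfix, tcpdump and vsftpd `acquis.yaml` files follow the same pattern. Two copies of one sample log can drift apart, leaving the detection test exercising different input than the fixture stored next to it. Either reference the local file or drop the copy, and if the sharing is intentional say so with a comment such as `# input shared with the parser test; the mysql.log in this directory is not read`.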
+++ b/hub1/collections/crowdsecurity/.tests/mysql/mysql.log
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,2 @@@@@
++++Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user 'root'@'27.155.87.54' (using password: YES)
++++Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user 'root'@'27.155.87.54' (using password: NO)
diff --cc hub1/collections/crowdsecurity/.tests/nginx/acquis.yaml
index 0000000,0000000,0000000,0000000..672790f
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/nginx/acquis.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++mode: cat
++++filenames:
++++ - ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log
++++labels:
++++ type: nginx
diff --cc hub1/collections/crowdsecurity/.tests/nginx/nginx.log
index 0000000,0000000,0000000,0000000..97bb2d8
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/nginx/nginx.log
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1"
++++2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
++++52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
++++www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
diff --cc hub1/collections/crowdsecurity/.tests/postfix/acquis.yaml
index 0000000,0000000,0000000,0000000..7651330
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/postfix/acquis.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++mode: cat
++++filenames:
++++ - ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log
++++labels:
++++ type: syslog
diff --cc hub1/collections/crowdsecurity/.tests/postfix/postfix.log
index 0000000,0000000,0000000,0000000..35b939f
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/postfix/postfix.log
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,6 @@@@@
++++Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure
++++Dec 7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
++++Dec 7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]
++++Dec 7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure
++++Dec 7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
++++Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]
diff --cc hub1/collections/crowdsecurity/.tests/tcpdump/acquis.yaml
index 0000000,0000000,0000000,0000000..1b70179
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/tcpdump/acquis.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++mode: cat
++++filenames:
++++ - ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log
++++labels:
++++ type: tcpdump
diff --cc hub1/collections/crowdsecurity/.tests/tcpdump/tcpdump.log
index 0000000,0000000,0000000,0000000..fc8fc16
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/tcpdump/tcpdump.log
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0
++++11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0
++++11:31:20.553633 IP 4.2.3.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0
++++11:31:20.553713 IP 172.1.2.3.22 > 4.2.3.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0
diff --cc hub1/collections/crowdsecurity/.tests/vsftpd/acquis.yaml
index 0000000,0000000,0000000,0000000..f47d737
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/vsftpd/acquis.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++mode: cat
++++filenames:
++++ - ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log
++++labels:
++++ type: vsftpd
diff --cc hub1/collections/crowdsecurity/.tests/vsftpd/vsftpd.log
index 0000000,0000000,0000000,0000000..5d2bc4b
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/.tests/vsftpd/vsftpd.log
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"
++++Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"
++++Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"
diff --cc hub1/collections/crowdsecurity/apache2.md
index 0000000,0000000,0000000,0000000..9ff8901
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/apache2.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++A collection for apache2 :
++++ - apache2 parser
++++ - base http scenarios for crawl, scan etc.
++++
diff --cc hub1/collections/crowdsecurity/apache2.yaml
index 0000000,0000000,0000000,0000000..0bd826d
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/apache2.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,13 @@@@@
++++parsers:
++++#generic post-parsing of http stuff
++++ - crowdsecurity/apache2-logs
++++collections:
++++ - crowdsecurity/base-http-scenarios
++++description: "apache2 support : parser and generic http scenarios "
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - apache2
++++ - crawl
++++ - scan
++++
diff --cc hub1/collections/crowdsecurity/base-http-scenarios.md
index 0000000,0000000,0000000,0000000..d0e0ec6
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/base-http-scenarios.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@
++++**contains no parser, meant to be embedded**
++++
++++A collection of defensive (implementation independent) scenarios for http services :
++++ - aggressive crawl detection
++++ - scanning/probing detection
++++ - bad user-agent detection
++++ - path traversal detection
++++ - sensitive data access attempts detection
++++ - SQL injection detection
++++
++++:warning: This collection is _not_ a WAF and this scenario does _not_ aims at replacing a WAF.
++++
++++
++++
diff --cc hub1/collections/crowdsecurity/base-http-scenarios.yaml
index 0000000,0000000,0000000,0000000..70bc56a
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/base-http-scenarios.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,21 @@@@@
++++parsers:
++++ - crowdsecurity/http-logs
++++scenarios:
++++ - crowdsecurity/http-crawl-non_statics
++++ - crowdsecurity/http-probing
++++ - crowdsecurity/http-bad-user-agent
++++ - crowdsecurity/http-path-traversal-probing
++++ - crowdsecurity/http-sensitive-files
++++ - crowdsecurity/http-sqli-probing
++++ - crowdsecurity/http-xss-probing
++++ - crowdsecurity/http-backdoors-attempts
++++ - ltsich/http-w00tw00t
++++
++++description: "http common : scanners detection"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - http
++++ - crawl
++++ - scan
++++
diff --cc hub1/collections/crowdsecurity/dovecot.md
index 0000000,0000000,0000000,0000000..f3592a4
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/dovecot.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,18 @@@@@
++++A collection for dovecot
++++ * dovecot log parsers
++++ * dovecot scenario bruteforce spam attempt
++++
++++This collection mostly aims at getting similar spam protection as
++++the normal fail2ban dovecot configuration.
++++
++++The relevant `acquis.yaml` should be:
++++
++++```yaml
++++filenames:
++++ - /var/log/mail.log
++++labels:
++++ type: syslog
++++```
++++
++++
++++> Contribution by https://github.com/LtSich
diff --cc hub1/collections/crowdsecurity/dovecot.yaml
index 0000000,0000000,0000000,0000000..e38a64d
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/dovecot.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++parsers:
++++ - crowdsecurity/dovecot-logs
++++scenarios:
++++ - crowdsecurity/dovecot-spam
++++description: "dovecot support : parser and spammer detection"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - spam
++++ - bruteforce
diff --cc hub1/collections/crowdsecurity/iptables.md
index 0000000,0000000,0000000,0000000..69b4e10
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/iptables.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++A collection for portscan detection via iptables :
++++ - iptables parser (like in `-j LOG`)
++++ - multi port scan detection
++++
diff --cc hub1/collections/crowdsecurity/iptables.yaml
index 0000000,0000000,0000000,0000000..c2dd114
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/iptables.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,11 @@@@@
++++parsers:
++++ - crowdsecurity/iptables-logs
++++scenarios:
++++ - crowdsecurity/iptables-scan-multi_ports
++++description: "iptables support : logs and port-scans detection scenarios"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - portscan
++++ - iptables
++++
diff --cc hub1/collections/crowdsecurity/linux.md
index 0000000,0000000,0000000,0000000..5cb85a3
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/linux.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++**core package for linux**
++++
++++contains support for syslog, do not remove.
diff --cc hub1/collections/crowdsecurity/linux.yaml
index 0000000,0000000,0000000,0000000..824a6ee
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/linux.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,11 @@@@@
++++parsers:
++++ - crowdsecurity/syslog-logs
++++ - crowdsecurity/geoip-enrich
++++ - crowdsecurity/dateparse-enrich
++++collections:
++++ - crowdsecurity/sshd
++++description: "core linux support : syslog+geoip+ssh"
++++author: crowdsecurity
++++tags:
++++ - linux
++++
diff --cc hub1/collections/crowdsecurity/modsecurity.md
index 0000000,0000000,0000000,0000000..a6968b7
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/modsecurity.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++A collection for modsecurity (tested only with Apache):
++++ - modsecurity parser: `crowdsecurity/modsecurity`
++++ - modsecurity scenario: `crowdsecurity/modsecurity
diff --cc hub1/collections/crowdsecurity/modsecurity.yaml
index 0000000,0000000,0000000,0000000..0f3ec23
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/modsecurity.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++parsers:
++++ - crowdsecurity/modsecurity
++++scenarios:
++++ - crowdsecurity/modsecurity
++++description: "modsecurity support : modsecurity parser and scenario"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - web
++++ - waf
diff --cc hub1/collections/crowdsecurity/mysql.md
index 0000000,0000000,0000000,0000000..5ba6bdb
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/mysql.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++A collection for mysql services :
++++ - mysql logs parser
++++ - bruteforce detection
++++
diff --cc hub1/collections/crowdsecurity/mysql.yaml
index 0000000,0000000,0000000,0000000..75d9f67
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/mysql.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++parsers:
++++ - crowdsecurity/mysql-logs
++++scenarios:
++++ - crowdsecurity/mysql-bf
++++description: "mysql support : logs and brute-force scenarios"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - mysql
++++ - bruteforce
diff --cc hub1/collections/crowdsecurity/naxsi.md
index 0000000,0000000,0000000,0000000..3460d5b
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/naxsi.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++A collection to detect virtual patch violations :
++++ - naxsi logs parser
++++ - vpatch high id (>9999) trigger rule
++++
diff --cc hub1/collections/crowdsecurity/naxsi.yaml
index 0000000,0000000,0000000,0000000..57ddda8
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/naxsi.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@
++++parsers:
++++#generic post-parsing of http stuff
++++ - crowdsecurity/nginx-logs
++++ - crowdsecurity/naxsi-logs
++++scenarios:
++++ - crowdsecurity/naxsi-exploit-vpatch
++++description: "naxsi support : parser and vpatch scenario"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - nginx
++++ - naxsi
++++ - exploit
++++
diff --cc hub1/collections/crowdsecurity/nginx.md
index 0000000,0000000,0000000,0000000..d3b3a04
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/nginx.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++A collection to defend nginx against common attacks :
++++ - nginx parser
++++ - base http scenarios (crawl, 404 scan, bf)
++++
diff --cc hub1/collections/crowdsecurity/nginx.yaml
index 0000000,0000000,0000000,0000000..5e599f4
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/nginx.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,13 @@@@@
++++parsers:
++++#generic post-parsing of http stuff
++++ - crowdsecurity/nginx-logs
++++collections:
++++ - crowdsecurity/base-http-scenarios
++++description: "nginx support : parser and generic http scenarios"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - nginx
++++ - crawl
++++ - scan
++++
diff --cc hub1/collections/crowdsecurity/postfix.md
index 0000000,0000000,0000000,0000000..ca61e3b
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/postfix.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,18 @@@@@
++++A collection for postfix
++++ * postfix log parsers
++++ * postscreen log parser
++++ * postfix scenario bruteforce spam attempt
++++ * postscreen rb attempt blacklist
++++
++++This collection mostly aims at getting a similar spam protection as
++++the normal fail2ban postfix configuration although postcreen log
++++management isn't included by default by fail2ban.
++++
++++The relevant `acquis.yaml` should be:
++++
++++```yaml
++++filenames:
++++ - /var/log/mail.log
++++labels:
++++ type: syslog
++++```
diff --cc hub1/collections/crowdsecurity/postfix.yaml
index 0000000,0000000,0000000,0000000..8b12217
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/postfix.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,11 @@@@@
++++parsers:
++++ - crowdsecurity/postfix-logs
++++ - crowdsecurity/postscreen-logs
++++scenarios:
++++ - crowdsecurity/postfix-spam
++++description: "postfix support : parser and spammer detection"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - spam
++++ - bruteforce
diff --cc hub1/collections/crowdsecurity/sshd.md
index 0000000,0000000,0000000,0000000..79b3116
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/sshd.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++A collection to defend sshd against common attacks :
++++ - ssh parser
++++ - ssh bruteforce & enumeration detection
++++
++++
diff --cc hub1/collections/crowdsecurity/sshd.yaml
index 0000000,0000000,0000000,0000000..20a2e32
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/sshd.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,11 @@@@@
++++parsers:
++++ - crowdsecurity/sshd-logs
++++scenarios:
++++ - crowdsecurity/ssh-bf
++++description: "sshd support : parser and brute-force detection"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - ssh
++++ - bruteforce
++++
diff --cc hub1/collections/crowdsecurity/vsftpd.md
index 0000000,0000000,0000000,0000000..1b1764f
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/vsftpd.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++A collection to defend VSFTPD against common attacks :
++++- VSFTPD parser: `crowdsecurity/vsftpd-logs`
++++- bruteforce scenario : `crowdsecurity/vsftpd-bf`
diff --cc hub1/collections/crowdsecurity/vsftpd.yaml
index 0000000,0000000,0000000,0000000..8f05007
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/vsftpd.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++parsers:
++++ - crowdsecurity/vsftpd-logs
++++scenarios:
++++ - crowdsecurity/vsftpd-bf
++++description: "VSFTPD support : logs and brute-force scenarios"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - ftp
++++ - bruteforce
diff --cc hub1/collections/crowdsecurity/whitelist-good-actors.md
index 0000000,0000000,0000000,0000000..7b13e4c
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/whitelist-good-actors.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++A collection to whitelist all good actors :
++++ - rdns to use it in whitelists that need rdns
++++ - rdns of all good search engine crawlers (googlebot, bing etc...)
++++ - trusted partners like cloudflare
diff --cc hub1/collections/crowdsecurity/whitelist-good-actors.yaml
index 0000000,0000000,0000000,0000000..69cf2fc
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/whitelist-good-actors.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++postoverflows:
++++ - crowdsecurity/seo-bots-whitelist
++++ - crowdsecurity/cdn-whitelist
++++ - crowdsecurity/rdns
++++description: "Good actors whitelists"
++++author: crowdsecurity
++++tags:
++++ - whitelist
++++ - bots
++++ - partners
diff --cc hub1/collections/crowdsecurity/wordpress.md
index 0000000,0000000,0000000,0000000..29e1308
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/wordpress.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,2 @@@@@
++++A collection to defend wordpress against bruteforce :
++++ - wp-login.php bruteforce detection
diff --cc hub1/collections/crowdsecurity/wordpress.yaml
index 0000000,0000000,0000000,0000000..5936f8f
new file mode 100644
--- /dev/null
+++ b/hub1/collections/crowdsecurity/wordpress.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,9 @@@@@
++++scenarios:
++++ - crowdsecurity/http-bf-wordpress_bf
++++description: "wordpress : bruteforce detection"
++++author: crowdsecurity
++++tags:
++++ - linux
++++ - wordpress
++++ - bruteforce
++++
diff --cc hub1/generate.go
index 0000000,0000000,0000000,0000000..54e33f5
new file mode 100644
--- /dev/null
+++ b/hub1/generate.go
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,194 @@@@@
++++package main
++++
++++import (
++++ "encoding/base64"
++++ "fmt"
++++ "io/ioutil"
++++ "log"
++++ "os"
++++ "path"
++++ "path/filepath"
++++ "strconv"
++++ "strings"
++++
++++ "gopkg.in/yaml.v2"
++++)
++++
++++func inSlice(s string, slice []string) bool {
++++ for _, str := range slice {
++++ if str == s {
++++ return true
++++ }
++++ }
++++ return false
++++}
++++
++++func (ti *typeInfo) generate(filepath string, configType string) (string, error) {
++++ pathSplit := strings.Split(filepath, "/")
++++ //generate doc path ?
++++ pdocpath := strings.Replace(filepath, ".yaml", ".md", 1)
++++
++++ if pathSplit[0] != configType {
++++ return "", fmt.Errorf("invalid filepath (doesn't start with scenarios) : %s", filepath)
++++ }
++++
++++ // Remove the first item (we don't need it)
++++ pathSplit = pathSplit[1:]
++++
++++ // set user, stage and config name
++++ var user string
++++ var configName string
++++ if configType == "parsers" || configType == "postoverflows" {
++++ if len(pathSplit) != 3 {
++++ return "", fmt.Errorf("invalid filepath '%s', should be : './%s///'", configType, filepath)
++++ }
++++ ti.Stage = pathSplit[0]
++++ user = pathSplit[1]
++++ configName = pathSplit[2]
++++ configName = strings.Split(configName, ".")[0]
++++ } else if configType == "scenarios" {
++++ if len(pathSplit) != 2 {
++++ return "", fmt.Errorf("invalid filepath '%s', should be : './scenarios//'", filepath)
++++ }
++++ user = pathSplit[0]
++++ configName = pathSplit[1]
++++ configName = strings.Split(configName, ".")[0]
++++ } else if configType == "collections" {
++++ if len(pathSplit) != 2 {
++++ return "", fmt.Errorf("invalid filepath '%s', should be : './collections//'", filepath)
++++ }
++++ user = pathSplit[0]
++++ configName = pathSplit[1]
++++ configName = strings.Split(configName, ".")[0]
++++ }
++++
++++ // set the filepath
++++ ti.Path = filepath
++++ // set the author from the user
++++ ti.Author = user
++++
++++ // set file information : autor, references, description
++++
++++ /* Get description, author and references from the file */
++++ var fInfo fileInfo
++++ yamlFile, err := ioutil.ReadFile(filepath)
++++ if err != nil {
++++ return "", err
++++ }
++++ err = yaml.Unmarshal(yamlFile, &fInfo)
++++ if err != nil {
++++ return "", err
++++ }
++++ if fInfo.Author != "" {
++++ ti.Author = fInfo.Author
++++ }
++++ if len(fInfo.References) > 0 {
++++ ti.References = fInfo.References
++++ }
++++
++++ if fInfo.Description != "" {
++++ ti.Description = fInfo.Description
++++ }
++++
++++ if fInfo.Labels != nil {
++++ ti.Labels = fInfo.Labels
++++
++++ // var tags_to_keep = []string{"service", "type"}
++++ // for _, v := range tags_to_keep {
++++ // if x, ok := fInfo.Labels[v]; ok {
++++ // ti.Tags = append(ti.Tags, x)
++++ // }
++++ // }
++++ }
++++
++++ if configType == "collections" {
++++ if len(fInfo.Parsers) > 0 {
++++ ti.Parsers = fInfo.Parsers
++++ }
++++ if len(fInfo.PostOverflows) > 0 {
++++ ti.PostOverflows = fInfo.PostOverflows
++++ }
++++ if len(fInfo.Scenarios) > 0 {
++++ ti.Scenarios = fInfo.Scenarios
++++ }
++++ if len(fInfo.Collections) > 0 {
++++ ti.Collections = fInfo.Collections
++++ }
++++ }
++++
++++ // versions informations (digest and deprecated for each version)
++++ if len(ti.Versions) == 0 {
++++ ti.Versions = make(map[string]versionInfo)
++++ h, err := getSHA256(filepath)
++++ if err != nil {
++++ return "", fmt.Errorf("unable to get sha256 of '%s' : %v", filepath, err)
++++ }
++++ var vInfo versionInfo
++++ vInfo.Digest = h
++++ vInfo.Deprecated = false
++++ ti.Versions["0.1"] = vInfo
++++ ti.Version = "0.1"
++++ } else {
++++ lastVersion := ti.Version
++++ lastDigest := ti.Versions[lastVersion].Digest
++++ currentDigest, err := getSHA256(filepath)
++++ if err != nil {
++++ return "", fmt.Errorf("unable to get sha256 of '%s' : %v", filepath, err)
++++ }
++++ if currentDigest != lastDigest {
++++ floatVersion, err :=
strconv.ParseFloat(ti.Version, 32)
++++ if err != nil {
++++ return "", fmt.Errorf("unable to convert version '%s' to float : %s", ti.Version, err.Error())
++++ }
++++ newVersion := fmt.Sprintf("%0.1f", floatVersion+0.1)
++++ ti.Version = newVersion
++++ log.Printf("%s new version : %s (sha:%s)", ti.Path, newVersion, currentDigest)
++++ var vInfo versionInfo
++++ vInfo.Digest = currentDigest
++++ vInfo.Deprecated = false
++++ ti.Versions[newVersion] = vInfo
++++ }
++++ }
++++
++++ hubName := fmt.Sprintf("%s/%s", user, configName)
++++ /*if we're all good, check if markdown documentation exists and join it*/
++++ //pdocpath
++++ mdFile, err := ioutil.ReadFile(pdocpath)
++++ if err == nil {
++++ ti.LongDescription = base64.StdEncoding.EncodeToString([]byte(string(mdFile)))
++++ }
++++ ti.FileContent = base64.StdEncoding.EncodeToString([]byte(string(yamlFile)))
++++ return hubName, nil
++++}
++++
++++func generateIndex(configType string) (map[string]typeInfo, error) {
++++ var files []string
++++ tInfo := make(map[string]typeInfo)
++++ folder := path.Join("./", configType)
++++
++++ err := filepath.Walk(folder, func(path string, info os.FileInfo, err error) error {
++++ if strings.HasSuffix(path, ".yaml") {
++++ files = append(files, path)
++++ }
++++ return nil
++++ })
++++
++++ if err != nil {
++++ panic(err)
++++ }
++++
++++ for _, filepath := range files {
++++ if strings.HasPrefix(filepath, folder) {
++++ var info typeInfo
++++ var hubName string
++++ var err error
++++ hubName, err = info.generate(filepath, configType)
++++ if err != nil {
++++ fmt.Printf("skipping '%s' because : %s\n", filepath, err.Error())
++++ } else {
++++ tInfo[hubName] = info
++++ }
++++ }
++++ }
++++ return tInfo, nil
++++}
diff --cc hub1/go.mod
index 0000000,0000000,0000000,0000000..917ebb6
new file mode 100644
--- /dev/null
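Review bot: The `filepath.Walk` callback in `generateIndex` ignores its `err` argument and always returns nil, so an unreadable directory is skipped silently and the `if err != nil { panic(err) }` check after the walk can never fire; the generated index can then be missing items with no signal. Start the callback with `if err != nil { return err }` and collect only regular files, e.g. `if !info.IsDir() && strings.HasSuffix(path, ".yaml")`. In `generate`, the parsers/postoverflows error passes `configType, filepath` to a format string whose first `%s` is the file path, so the two values print swapped; the arguments should be `filepath, configType`. The version digest also comes from `getSHA256(filepath)` (defined outside this hunk), a second read of the file, rather than from the `yamlFile` bytes that end up in `FileContent`; hashing the bytes already read would keep the published digest and the embedded content from diverging if the file changes between the two reads.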
+++ b/hub1/go.mod
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,13 @@@@@
++++module main
++++
++++go 1.13
++++
++++require (
++++ github.com/crowdsecurity/crowdsec v1.0.2
++++ github.com/davecgh/go-spew v1.1.1
++++ github.com/google/go-github v17.0.0+incompatible
++++ github.com/prometheus/common v0.15.0
++++ golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
++++ google.golang.org/appengine v1.6.6
++++ gopkg.in/yaml.v2 v2.3.0
++++)
diff --cc hub1/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml
index 0000000,0000000,0000000,0000000..810e231
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/acquis.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++mode: cat
++++filenames:
++++ - ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
diff --cc hub1/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml
index 0000000,0000000,0000000,0000000..ff3c2ac
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@
++++parser_results: parser_results.yaml
++++acquisition_file: acquis.yaml
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/syslog-logs
diff --cc hub1/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml
index 0000000,0000000,0000000,0000000..f378293
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,217 @@@@@ ++++provisionalresults: ++++- s00-raw: ++++ crowdsecurity/non-syslog: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' ++++ s01-parse: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' ++++- s00-raw: ++++ crowdsecurity/non-syslog: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' ++++ s01-parse: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' 
++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' ++++- s00-raw: ++++ crowdsecurity/non-syslog: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' ++++ s01-parse: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now 
CONNECTED_SITE' ++++- s00-raw: ++++ crowdsecurity/non-syslog: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' ++++ s01-parse: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' ++++- s00-raw: ++++ crowdsecurity/non-syslog: ++++ ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' ++++ s01-parse: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' 
++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09' ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.' 
++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE' ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...' ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' ++++ Src: ./parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log ++++ time: 0001-01-01T00:00:00Z ++++ process: true ++++ Parsed: ++++ message: 'Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.' ++++ Process: true diff --cc hub1/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log index 0000000,0000000,0000000,0000000..397f042 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s00-raw/crowdsecurity/.tests/syslog-logs/syslog.log
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++Dec 9 15:32:28 ghoua anacron[60105]: Anacron 2.3 started on 2020-12-09
++++Dec 9 15:32:28 ghoua systemd[1]: anacron.service: Succeeded.
++++Dec 9 15:40:20 ghoua NetworkManager[1028]: [1607524820.0263] manager: NetworkManager state is now CONNECTED_SITE
++++Dec 9 15:40:20 ghoua systemd[1]: Starting Network Manager Script Dispatcher Service...
++++Dec 9 15:40:33 ghoua systemd[1]: NetworkManager-dispatcher.service: Succeeded.
diff --cc hub1/parsers/s00-raw/crowdsecurity/syslog-logs.md
index 0000000,0000000,0000000,0000000..7ce8c8e
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s00-raw/crowdsecurity/syslog-logs.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++# Syslog parser
++++
++++This is a generic linux syslog parser with time-support.
++++This one often works along `crowdsecurity/skip-pretag`
++++
diff --cc hub1/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
index 0000000,0000000,0000000,0000000..7b05c9b
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s00-raw/crowdsecurity/syslog-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,30 @@@@@
++++#If it's syslog, we are going to extract progname from it
++++filter: "evt.Line.Labels.type == 'syslog'"
++++onsuccess: next_stage
++++name: crowdsecurity/syslog-logs
++++grok:
++++ #this is a named regular expression. grok patterns can be kept into separate files for readability
++++ name: "SYSLOGLINE"
++++ #This is the field of the `Event` to which the regexp should be applied
++++ apply_on: Line.Raw
++++#if the node was successfull, statics will be applied.
++++statics:
++++ - parsed: "logsource"
++++ value: "syslog"
++++# syslog date can be in two different fields (one of hte assignment will fail)
++++ - target: evt.StrTime
++++ expression: evt.Parsed.timestamp
++++ - target: evt.StrTime
++++ expression: evt.Parsed.timestamp8601
++++---
++++#if it's not syslog, the type is the progname
++++filter: "evt.Line.Labels.type != 'syslog'"
++++onsuccess: next_stage
++++name: crowdsecurity/non-syslog
++++#debug: true
++++statics:
++++ - parsed: message
++++ expression: evt.Line.Raw
++++ - parsed: program
++++ expression: evt.Line.Labels.type
++++---
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml
index 0000000,0000000,0000000,0000000..c397976
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@
++++parser_input: parser_input.yaml
++++parser_results: parser_results.yaml
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/apache2-logs
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml
index 0000000,0000000,0000000,0000000..a9077e6
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,70 @@@@@ ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 2020-12-11T12:43:47.855054626+01:00 ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" ++++ program: apache2 ++++ Time: 2020-12-11T12:43:47.855149953+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 2020-12-11T12:43:47.855221252+01:00 ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" ++++ program: apache2 ++++ Time: 2020-12-11T12:43:47.855589313+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 2020-12-11T12:43:47.85565447+01:00 ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ 
Time: 2020-12-11T12:43:47.855803402+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 2020-12-11T12:43:47.855911794+01:00 ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ Time: 2020-12-11T12:43:47.855995358+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 2020-12-11T12:43:47.855054626+01:00 ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" ++++ program: apache2 ++++ Time: 2020-12-11T12:43:47.855149953+01:00 ++++ Process: true diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml index 0000000,0000000,0000000,0000000..6715113 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/apache2-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,512 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/apache2-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 93.43.209.58 ++++ http_user_agent: '"-"' ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: / ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:06:49:01 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ Meta: ++++ http_path: / ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 93.43.209.58 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 93.43.209.58 ++++ http_user_agent: '"-"' ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: / ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:06:49:01 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ Meta: ++++ http_path: / ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ 
source_ip: 93.43.209.58 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/apache2-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "799" ++++ clientip: 164.68.112.178 ++++ http_user_agent: '"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"' ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: / ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:07:01:28 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:07:01:28 +0000 ++++ Meta: ++++ http_path: / ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 164.68.112.178 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "799" ++++ clientip: 164.68.112.178 ++++ http_user_agent: '"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"' ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: / ++++ response: "500" 
++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:07:01:28 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:07:01:28 +0000 ++++ Meta: ++++ http_path: / ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 164.68.112.178 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/apache2-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 195.54.160.135 ++++ http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system?wt=json ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Meta: ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 195.54.160.135 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ 
Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 195.54.160.135 ++++ http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system?wt=json ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Meta: ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 195.54.160.135 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/apache2-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.4 ++++ http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 
10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system?wt=json ++++ response: "500" ++++ target_fqdn: www.crowdsec.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Meta: ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.4 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.4 ++++ http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system?wt=json ++++ response: "500" ++++ target_fqdn: www.crowdsec.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Meta: ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.4 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/apache2-logs: ++++ 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ http_user_agent: '"-"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 93.43.209.58 ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /login ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:06:49:01 +0000 ++++ verb: POST ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ Meta: ++++ http_path: /login ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 93.43.209.58 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ http_user_agent: '"-"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 93.43.209.58 ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /login ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:06:49:01 +0000 ++++ verb: POST ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ Meta: ++++ http_path: /login ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 93.43.209.58 ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" 
"-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 93.43.209.58 ++++ http_user_agent: '"-"' ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "GET / HTTP/1.0" 500 803 "-" "-" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: / ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:06:49:01 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ Process: true ++++ Meta: ++++ http_path: / ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 93.43.209.58 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "799" ++++ clientip: 164.68.112.178 ++++ http_user_agent: '"masscan/1.0 (https://github.com/robertdavidgraham/masscan)"' ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 164.68.112.178 - - [08/Jun/2020:07:01:28 +0000] "GET / HTTP/1.0" 500 799 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: / ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:07:01:28 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:07:01:28 +0000 ++++ Process: true ++++ Meta: ++++ http_path: / ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 164.68.112.178 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET 
/solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 195.54.160.135 ++++ http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system?wt=json ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 195.54.160.135 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.4 ++++ http_user_agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: 
www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system?wt=json ++++ response: "500" ++++ target_fqdn: www.crowdsec.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.4 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ http_user_agent: '"-"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 93.43.209.58 ++++ httpversion: "1.0" ++++ ident: '-' ++++ message: 93.43.209.58 - - [08/Jun/2020:06:49:01 +0000] "POST /login HTTP/1.0" 500 803 "-" "-" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /login ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:06:49:01 +0000 ++++ verb: POST ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /login ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 93.43.209.58 diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml index 0000000,0000000,0000000,0000000..dbbb09a new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@
++++parser_input: parser_input.yaml
++++parser_results: parser_results.yaml
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/cowrie-logs
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml
index 0000000,0000000,0000000,0000000..c2b9e9a
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,28 @@@@@
++++- ExpectMode: 1
++++ Stage: s01-parse
++++ Line:
++++ Raw: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
++++ time: 2020-12-11T12:09:00.981240029+01:00
++++ Labels:
++++ type: cowrie
++++ process: true
++++ Parsed:
++++ message: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]'
++++ program: cowrie
++++ Time: 2020-12-11T12:09:00.981329468+01:00
++++ Process: true
++++- ExpectMode: 1
++++ Stage: s01-parse
++++ Line:
++++ Raw: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log
++++ time: 2020-12-11T12:09:00.981374452+01:00
++++ Labels:
++++ type: cowrie
++++ process: true
++++ Parsed:
++++ message: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]'
++++ program: cowrie
++++ Time: 2020-12-11T12:09:00.98211676+01:00
++++ Process: true
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml
index 0000000,0000000,0000000,0000000..968de77
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,146 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ cowrie-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: cowrie ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ message: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' ++++ program: cowrie ++++ source_ip: 4.2.3.1 ++++ telnet_session: 3e5a9212b91f ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ log_type: telnet_new_session ++++ service: telnet ++++ source_ip: 4.2.3.1 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: cowrie ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ message: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' ++++ program: cowrie ++++ source_ip: 4.2.3.1 ++++ telnet_session: 3e5a9212b91f ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ log_type: telnet_new_session ++++ service: telnet ++++ source_ip: 4.2.3.1 ++++- s00-raw: {} ++++ s01-parse: 
++++ cowrie-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: cowrie ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ message: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' ++++ program: cowrie ++++ source_ip: 1.1.1.1 ++++ telnet_session: 3e5a9212s1f ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ log_type: telnet_new_session ++++ service: telnet ++++ source_ip: 1.1.1.1 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: cowrie ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ message: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' ++++ program: cowrie ++++ source_ip: 1.1.1.1 ++++ telnet_session: 3e5a9212s1f ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ log_type: telnet_new_session ++++ service: telnet ++++ source_ip: 1.1.1.1 ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 
4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: cowrie ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ message: 'Dec 8 06:28:43 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:43+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 4.2.3.1:47630 (1.2.3.4:2222) [session: 3e5a9212b91f]' ++++ program: cowrie ++++ source_ip: 4.2.3.1 ++++ telnet_session: 3e5a9212b91f ++++ Process: true ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ log_type: telnet_new_session ++++ service: telnet ++++ source_ip: 4.2.3.1 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/cowrie-logs/cowrie.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: cowrie ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ message: 'Dec 8 06:28:44 ip.compute.internal cowrie[2806]: 2020-12-08T06:28:44+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 1.1.1.1:47631 (1.2.3.4:2222) [session: 3e5a9212s1f]' ++++ program: cowrie ++++ source_ip: 1.1.1.1 ++++ telnet_session: 3e5a9212s1f ++++ Process: true ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "2222" ++++ log_type: telnet_new_session ++++ service: telnet ++++ source_ip: 1.1.1.1 diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml index 0000000,0000000,0000000,0000000..74d1ec6 new file mode 100644 --- /dev/null 
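Review bot: The expected results label both events `service: telnet`, `log_type: telnet_new_session` and `telnet_session`, although both sample lines come from `cowrie.ssh.factory.CowrieSSHFactory` on port 2222. If the parser (not visible in this hunk) names them that way on purpose, the fixture should say so in a comment such as `# parser reuses telnet_* names for SSH factory lines`; otherwise anything downstream that keys on `service` would count SSH honeypot sessions as telnet. The fixture contains no line from a telnet factory, so the telnet path itself is not exercised here. The node key is also `cowrie-logs` without the `crowdsecurity/` prefix that config.yaml and the apache2 results file use.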
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++parser_input: parser_input.yaml
++++parser_results: parser_results.yaml
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/dovecot-logs
++++
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml
index 0000000,0000000,0000000,0000000..f58153d
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,23 @@@@@
++++- ExpectMode: 1
++++ Stage: s01-parse
++++ Line:
++++ Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>'
++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info
++++ time: 2020-12-11T13:05:46.765615945+01:00
++++ Labels:
++++ type: syslog
++++ process: true
++++ Parsed:
++++ facility: ""
++++ logsource: syslog
++++ message: "imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>"
++++ pid: "8421"
++++ priority: ""
++++ program: dovecot
++++ timestamp: Nov 10 15:01:29
++++ timestamp8601: ""
++++ Time: 2020-12-11T13:05:46.765680868+01:00
++++ StrTime: Nov 10 15:01:29
++++ Process: true
++++
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml
index 0000000,0000000,0000000,0000000..740be05
new file mode 100644
--- /dev/null
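Review bot: The pre-populated `Parsed` fields in the dovecot parser_input.yaml do not match the entry's own `Raw` line: `Raw` carries `Jan 28 10:16:13` and `dovecot[7508]`, while `timestamp` and `StrTime` are `Nov 10 15:01:29` and `pid` is `"8421"`. The entry looks stitched together from two different log lines, so the test pins values that no real event would produce. I would align the three fields with the raw line, `pid: "7508"`, `timestamp: Jan 28 10:16:13` and `StrTime: Jan 28 10:16:13`, and update parser_results.yaml to match. Separately, `user=` is empty in the sample as shown here while the results file expects `dovecot_user: toto@toto.com`; unless that is a rendering loss on this page, the input line needs the user restored.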
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,89 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/dovecot-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ dovecot_local_ip: 7.7.7.7 ++++ dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) ++++ dovecot_remote_ip: 4.4.4.4 ++++ dovecot_user: toto@toto.com ++++ facility: "" ++++ logsource: syslog ++++ message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' ++++ pid: "8421" ++++ priority: "" ++++ program: dovecot ++++ protocol: imap ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ StrTime: Nov 10 15:01:29 ++++ Meta: ++++ log_type: dovecot_logs ++++ source_ip: 4.4.4.4 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ dovecot_local_ip: 7.7.7.7 ++++ dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) ++++ dovecot_remote_ip: 4.4.4.4 ++++ dovecot_user: toto@toto.com ++++ facility: "" ++++ logsource: syslog ++++ message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, 
lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' ++++ pid: "8421" ++++ priority: "" ++++ program: dovecot ++++ protocol: imap ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ StrTime: Nov 10 15:01:29 ++++ Meta: ++++ log_type: dovecot_logs ++++ source_ip: 4.4.4.4 ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Jan 28 10:16:13 dovecot-box dovecot[7508]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/dovecot-logs/mail.info ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ dovecot_local_ip: 7.7.7.7 ++++ dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs) ++++ dovecot_remote_ip: 4.4.4.4 ++++ dovecot_user: toto@toto.com ++++ facility: "" ++++ logsource: syslog ++++ message: 'imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=4.4.4.4, lip=7.7.7.7, TLS, session=<3650VvK5bdIaW-iK>' ++++ pid: "8421" ++++ priority: "" ++++ program: dovecot ++++ protocol: imap ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ StrTime: Nov 10 15:01:29 ++++ Process: true ++++ Meta: ++++ log_type: dovecot_logs ++++ source_ip: 4.4.4.4 diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml index 0000000,0000000,0000000,0000000..a0e3ace new file mode 100644 --- /dev/null +++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++#configuration ++++index: .index.json # relative to root ++++configurations: ++++ parsers: ++++ - crowdsecurity/iptables-logs diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml index 0000000,0000000,0000000,0000000..3d2338e new file mode 100644 --- /dev/null 
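Review bot: The iptables-logs config.yaml sets `index: .index.json # relative to root`, which differs from the three other test configs in this commit (apache2-logs, cowrie-logs, dovecot-logs), all of which use `index: "./config/hub/.index.json"`. How the test runner resolves the path is not visible here, so one of the two forms may be stale. Using the same value in all four files, or extending the comment to say why iptables differs, would make sure this test reads the same hub index as the others.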
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@ ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log ++++ time: 2020-12-11T12:51:53.618550089+01:00 ++++ Labels: ++++ type: kernel ++++ process: true ++++ Parsed: ++++ message: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' ++++ program: kernel ++++ Time: 2020-12-11T12:51:53.618598112+01:00 ++++ Process: true diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml index 0000000,0000000,0000000,0000000..d3beb77 new file mode 100644 --- /dev/null 
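Review bot: The `Raw` line looks like it was copied from a live host rather than constructed: it keeps a hostname (`sd-126005`), a full `MAC=` value and two public addresses (`SRC=195.54.160.107`, `DST=51.15.166.67`). Test fixtures that ship in a package are better built from the RFC 5737 documentation ranges, e.g. (constructed values) `SRC=203.0.113.7 DST=198.51.100.10` with a placeholder hostname, and parser_results.yaml regenerated to match. The same applies to the mysql-logs input (`ip-172-31-36-243.ap-northeast-2.compute.internal`, `27.155.87.54`) and the postfix-logs input (`45.142.120.90`).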
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/iptables-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,80 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/iptables-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: kernel ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8123" ++++ int_eth: enp1s0 ++++ length: "40" ++++ message: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' ++++ program: kernel ++++ proto: TCP ++++ src_ip: 195.54.160.107 ++++ src_port: "8080" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 195.54.160.107 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: kernel ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8123" ++++ int_eth: enp1s0 ++++ length: "40" ++++ message: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 
SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' ++++ program: kernel ++++ proto: TCP ++++ src_ip: 195.54.160.107 ++++ src_port: "8080" ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 195.54.160.107 ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/iptables-logs/iptables.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: kernel ++++ process: true ++++ Parsed: ++++ action: "" ++++ dst_ip: 51.15.166.67 ++++ dst_port: "8123" ++++ int_eth: enp1s0 ++++ length: "40" ++++ message: 'Jun 8 14:34:33 sd-126005 kernel: [50028442.088484] IN=enp1s0 OUT= MAC=00:08:a2:0c:1f:12:00:c8:8b:e2:d6:87:08:00 SRC=195.54.160.107 DST=51.15.166.67 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37308 PROTO=TCP SPT=8080 DPT=8123 WINDOW=1024 RES=0x00 SYN URGP=0' ++++ program: kernel ++++ proto: TCP ++++ src_ip: 195.54.160.107 ++++ src_port: "8080" ++++ Process: true ++++ Meta: ++++ log_type: iptables_drop ++++ service: tcp ++++ source_ip: 195.54.160.107 diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml index 0000000,0000000,0000000,0000000..e702932 new file mode 100644 --- /dev/null 
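Review bot: The expected event is tagged `log_type: iptables_drop` although `action: ""` is empty and nothing in `Raw` names a verdict (no log prefix, only `IN=... SYN`). As pinned here, any kernel netfilter line of this shape would count as a drop, including packets that a LOG rule records and a later rule accepts; the parser itself is outside this hunk, so that is inferred from the fixture. I would add a second input line that carries an explicit prefix and assert on `action`, and put a comment above the first case such as `# no log prefix: action stays empty, event is still treated as a drop`.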
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@
++++parser_input: parser_input.yaml
++++parser_results: parser_results.yaml
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/mysql-logs
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml
index 0000000,0000000,0000000,0000000..e607065
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,28 @@@@@ ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log ++++ time: 2020-12-11T12:55:59.702942091+01:00 ++++ Labels: ++++ type: mysql ++++ process: true ++++ Parsed: ++++ message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' ++++ program: mysql ++++ Time: 2020-12-11T12:55:59.702983219+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log ++++ time: 2020-12-11T12:55:59.703044246+01:00 ++++ Labels: ++++ type: mysql ++++ process: true ++++ Parsed: ++++ message: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)' ++++ program: mysql ++++ Time: 2020-12-11T12:55:59.703760102+01:00 ++++ Process: true diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml index 0000000,0000000,0000000,0000000..02269b2 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/mysql-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,79 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/mysql-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: mysql ++++ process: true ++++ Parsed: ++++ message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' ++++ program: mysql ++++ source_ip: 27.155.87.54 ++++ time: "2020-04-16T05:13:40.861934Z" ++++ user: root ++++ Meta: ++++ log_type: mysql_failed_auth ++++ source_ip: 27.155.87.54 ++++ user: root ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: mysql ++++ process: true ++++ Parsed: ++++ message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' ++++ program: mysql ++++ source_ip: 27.155.87.54 ++++ time: "2020-04-16T05:13:40.861934Z" ++++ user: root ++++ Meta: ++++ log_type: mysql_failed_auth ++++ source_ip: 27.155.87.54 ++++ user: root ++++- s00-raw: {} ++++ s01-parse: {} ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Apr 16 
05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: mysql ++++ process: true ++++ Parsed: ++++ message: 'Apr 16 05:13:40 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:40.861934Z 344 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: YES)' ++++ program: mysql ++++ source_ip: 27.155.87.54 ++++ time: "2020-04-16T05:13:40.861934Z" ++++ user: root ++++ Process: true ++++ Meta: ++++ log_type: mysql_failed_auth ++++ source_ip: 27.155.87.54 ++++ user: root ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/mysql-logs/mysql.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: mysql ++++ process: true ++++ Parsed: ++++ message: 'Apr 16 05:13:41 ip-172-31-36-243.ap-northeast-2.compute.internal mysql[2769]: 2020-04-16T05:13:41.144260Z 345 [Note] Access denied for user ''root''@''27.155.87.54'' (using password: NO)' ++++ program: mysql diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml index 0000000,0000000,0000000,0000000..8e811e1 new file mode 100644 --- /dev/null 
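Review bot: The second input line (`Access denied ... (using password: NO)`) is pinned as unparsed: its provisional result is `s01-parse: {}` and its final entry stays at `Stage: s01-parse` with only `message` and `program`, no `Meta`. Only the `using password: YES` line becomes `log_type: mysql_failed_auth`, so failed logins without a password from the same `source_ip` would not feed any scenario built on that log type; this is presumably a limit of the parser pattern, which this hunk does not show. If that is intended, say so next to the case, e.g. `# using password: NO is deliberately left unparsed`; otherwise the expected result for the second line should carry the same `Meta` block as the first.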
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@
++++parser_input: parser_input.yaml
++++parser_results: parser_results.yaml
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/nginx-logs
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml
index 0000000,0000000,0000000,0000000..cc6ae08
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,70 @@@@@ ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 2020-12-11T13:02:38.187710403+01:00 ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ program: nginx ++++ Time: 2020-12-11T13:02:38.187733387+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 2020-12-11T13:02:38.187790876+01:00 ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" ++++ program: nginx ++++ Time: 2020-12-11T13:02:38.1879352+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 2020-12-11T13:02:38.188000715+01:00 ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ Time: 2020-12-11T13:02:38.188078433+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 
www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 2020-12-11T13:02:38.188137815+01:00 ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ Time: 2020-12-11T13:02:38.188226774+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 2020-12-11T13:02:38.188137815+01:00 ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ Time: 2020-12-11T13:02:38.188226774+01:00 ++++ Process: true diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml index 0000000,0000000,0000000,0000000..a1667a4 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/nginx-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,482 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/nginx-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "522" ++++ http_referer: '-' ++++ http_user_agent: Go-http-client/1.1 ++++ http_version: "1.1" ++++ message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ program: nginx ++++ remote_addr: 5.5.8.5 ++++ remote_user: '-' ++++ request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ status: "404" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:07:25:02 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:07:25:02 +0000 ++++ Meta: ++++ http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ http_status: "404" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 5.5.8.5 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "522" ++++ http_referer: '-' ++++ http_user_agent: Go-http-client/1.1 ++++ http_version: "1.1" ++++ message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ program: 
nginx ++++ remote_addr: 5.5.8.5 ++++ remote_user: '-' ++++ request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ status: "404" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:07:25:02 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:07:25:02 +0000 ++++ Meta: ++++ http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ http_status: "404" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 5.5.8.5 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/nginx-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "0" ++++ http_referer: '-' ++++ http_user_agent: '-' ++++ http_version: "1.1" ++++ message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" ++++ program: nginx ++++ remote_addr: 2.30.19.10 ++++ remote_user: '-' ++++ request: / ++++ status: "400" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:08:29:17 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:29:17 +0000 ++++ Meta: ++++ http_path: / ++++ http_status: "400" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 2.30.19.10 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "0" ++++ http_referer: '-' ++++ http_user_agent: '-' ++++ http_version: "1.1" ++++ message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" ++++ program: nginx ++++ remote_addr: 2.30.19.10 ++++ remote_user: '-' ++++ request: / ++++ status: "400" ++++ target_fqdn: 
"" ++++ time_local: 04/Jan/2020:08:29:17 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:29:17 +0000 ++++ Meta: ++++ http_path: / ++++ http_status: "400" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 2.30.19.10 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/nginx-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ status: "500" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Meta: ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; 
Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ status: "500" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Meta: ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/nginx-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ status: "500" ++++ target_fqdn: www.mydomain.com ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Meta: ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ 
Stage: s02-enrich ++++ Line: ++++ Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ status: "500" ++++ target_fqdn: www.mydomain.com ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Meta: ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/nginx-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; 
+http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /login.php ++++ status: "500" ++++ target_fqdn: www.mydomain.com ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: POST ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Meta: ++++ http_path: /login.php ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /login.php ++++ status: "500" ++++ target_fqdn: www.mydomain.com ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: POST ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Meta: ++++ http_path: /login.php ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ 
body_bytes_sent: "522" ++++ http_referer: '-' ++++ http_user_agent: Go-http-client/1.1 ++++ http_version: "1.1" ++++ message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ program: nginx ++++ remote_addr: 5.5.8.5 ++++ remote_user: '-' ++++ request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ status: "404" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:07:25:02 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:07:25:02 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ http_status: "404" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 5.5.8.5 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "0" ++++ http_referer: '-' ++++ http_user_agent: '-' ++++ http_version: "1.1" ++++ message: 2.30.19.10 - - [04/Jan/2020:08:29:17 +0000] "GET / HTTP/1.1" 400 0 "-" "-" ++++ program: nginx ++++ remote_addr: 2.30.19.10 ++++ remote_user: '-' ++++ request: / ++++ status: "400" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:08:29:17 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:29:17 +0000 ++++ Process: true ++++ Meta: ++++ http_path: / ++++ http_status: "400" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 2.30.19.10 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: 
true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ status: "500" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ status: "500" ++++ target_fqdn: www.mydomain.com ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: GET ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ 
service: http ++++ source_ip: 52.59.61.4 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: www.mydomain.com 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "POST /login.php HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /login.php ++++ status: "500" ++++ target_fqdn: www.mydomain.com ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ verb: POST ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /login.php ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml index 0000000,0000000,0000000,0000000..6ab2a47 new file mode 100644 --- /dev/null +++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ parsers: ++++ - crowdsecurity/postfix-logs diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml index 0000000,0000000,0000000,0000000..a0315d8 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,126 @@@@@ ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 2020-12-11T15:42:01.202977635+01:00 ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ pid: "21281" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:36 ++++ timestamp8601: "" ++++ Time: 2020-12-11T15:42:01.203091954+01:00 ++++ StrTime: Dec 7 23:23:36 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 2020-12-11T15:42:01.20315228+01:00 ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 ++++ pid: "21281" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:37 ++++ timestamp8601: "" ++++ Time: 2020-12-11T15:42:01.204131843+01:00 ++++ StrTime: Dec 7 23:23:37 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 2020-12-11T15:42:01.204190996+01:00 ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: connect from 
unknown[45.142.120.90] ++++ pid: "21367" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:38 ++++ timestamp8601: "" ++++ Time: 2020-12-11T15:42:01.204646207+01:00 ++++ StrTime: Dec 7 23:23:38 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 2020-12-11T15:42:01.204713425+01:00 ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ pid: "21207" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:40 ++++ timestamp8601: "" ++++ Time: 2020-12-11T15:42:01.205068464+01:00 ++++ StrTime: Dec 7 23:23:40 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 2020-12-11T15:42:01.205128018+01:00 ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 ++++ pid: "21207" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:40 ++++ timestamp8601: "" ++++ Time: 2020-12-11T15:42:01.205401321+01:00 ++++ StrTime: Dec 7 23:23:40 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from unknown[45.142.120.90]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 2020-12-11T15:42:01.205470513+01:00 ++++ Labels: ++++ type: 
syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: connect from unknown[45.142.120.90] ++++ pid: "21260" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:41 ++++ timestamp8601: "" ++++ Time: 2020-12-11T15:42:01.205699752+01:00 ++++ StrTime: Dec 7 23:23:41 ++++ Process: true diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml index 0000000,0000000,0000000,0000000..4cf731b new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/postfix-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,266 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/postfix-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ message_failure: ' authentication failure' ++++ pid: "21281" ++++ priority: "" ++++ program: postfix/smtpd ++++ remote_addr: 45.142.120.90 ++++ remote_host: unknown ++++ timestamp: Dec 7 23:23:36 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:36 ++++ Meta: ++++ log_type: postfix ++++ log_type_enh: spam-attempt ++++ service: postfix ++++ source_hostname: unknown ++++ source_ip: 45.142.120.90 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ message_failure: ' authentication failure' ++++ pid: "21281" ++++ priority: "" ++++ program: postfix/smtpd ++++ remote_addr: 45.142.120.90 ++++ remote_host: unknown ++++ timestamp: Dec 7 23:23:36 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:36 ++++ Meta: ++++ log_type: postfix ++++ log_type_enh: spam-attempt ++++ 
service: postfix ++++ source_hostname: unknown ++++ source_ip: 45.142.120.90 ++++- s00-raw: {} ++++ s01-parse: {} ++++- s00-raw: {} ++++ s01-parse: {} ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/postfix-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ message_failure: ' authentication failure' ++++ pid: "21207" ++++ priority: "" ++++ program: postfix/smtpd ++++ remote_addr: 45.142.120.90 ++++ remote_host: unknown ++++ timestamp: Dec 7 23:23:40 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:40 ++++ Meta: ++++ log_type: postfix ++++ log_type_enh: spam-attempt ++++ service: postfix ++++ source_hostname: unknown ++++ source_ip: 45.142.120.90 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ message_failure: ' authentication failure' ++++ pid: "21207" ++++ priority: "" ++++ program: postfix/smtpd ++++ remote_addr: 45.142.120.90 ++++ remote_host: unknown ++++ timestamp: Dec 7 23:23:40 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:40 ++++ Meta: ++++ log_type: postfix ++++ log_type_enh: spam-attempt ++++ 
service: postfix ++++ source_hostname: unknown ++++ source_ip: 45.142.120.90 ++++- s00-raw: {} ++++ s01-parse: {} ++++- s00-raw: {} ++++ s01-parse: {} ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 7 23:23:36 mail postfix/smtpd[21281]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ message_failure: ' authentication failure' ++++ pid: "21281" ++++ priority: "" ++++ program: postfix/smtpd ++++ remote_addr: 45.142.120.90 ++++ remote_host: unknown ++++ timestamp: Dec 7 23:23:36 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:36 ++++ Process: true ++++ Meta: ++++ log_type: postfix ++++ log_type_enh: spam-attempt ++++ service: postfix ++++ source_hostname: unknown ++++ source_ip: 45.142.120.90 ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:37 mail postfix/smtpd[21281]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 ++++ pid: "21281" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:37 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:37 ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:38 mail postfix/smtpd[21367]: connect from unknown[45.142.120.90]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z 
++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: connect from unknown[45.142.120.90] ++++ pid: "21367" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:38 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:38 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: 'warning: unknown[45.142.120.90]: SASL LOGIN authentication failed: authentication failure' ++++ message_failure: ' authentication failure' ++++ pid: "21207" ++++ priority: "" ++++ program: postfix/smtpd ++++ remote_addr: 45.142.120.90 ++++ remote_host: unknown ++++ timestamp: Dec 7 23:23:40 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:40 ++++ Process: true ++++ Meta: ++++ log_type: postfix ++++ log_type_enh: spam-attempt ++++ service: postfix ++++ source_hostname: unknown ++++ source_ip: 45.142.120.90 ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:40 mail postfix/smtpd[21207]: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: disconnect from unknown[45.142.120.90] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 ++++ pid: "21207" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:40 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:40 ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Dec 7 23:23:41 mail postfix/smtpd[21260]: connect from 
unknown[45.142.120.90]' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postfix-logs/postfix.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: connect from unknown[45.142.120.90] ++++ pid: "21260" ++++ priority: "" ++++ program: postfix/smtpd ++++ timestamp: Dec 7 23:23:41 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:41 diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml index 0000000,0000000,0000000,0000000..b80efea new file mode 100644 --- /dev/null +++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ parsers: ++++ - crowdsecurity/postscreen-logs diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml index 0000000,0000000,0000000,0000000..5bfebb9 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,21 @@@@@
++++- ExpectMode: 1
++++ Stage: s01-parse
++++ Line:
++++ Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log
++++ time: 2020-12-11T15:42:01.202977635+01:00
++++ Labels:
++++ type: syslog
++++ process: true
++++ Parsed:
++++ facility: ""
++++ logsource: syslog
++++ message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n'
++++ pid: "22244"
++++ priority: ""
++++ program: postfix/postscreen
++++ timestamp: Dec 7 23:23:36
++++ timestamp8601: ""
++++ Time: 2020-12-11T15:42:01.203091954+01:00
++++ StrTime: Dec 7 23:23:36
++++ Process: true
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml
index 0000000,0000000,0000000,0000000..a073f3b
new file mode 100644
--- /dev/null
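Review bot: The `Parsed` block of this fixture does not agree with its own `Raw` line: `Raw` begins with `Oct 25 04:24:59`, while `timestamp` and `StrTime` are `Dec 7 23:23:36`, the same value the postfix-logs fixture uses for its first entry. The expected results for this test repeat `Dec 7 23:23:36`, so the test passes while pinning an event time that the log line never carried. Since the event time is presumably what later stages use to order and window events, the fixture should carry the time of the line it represents: `timestamp: Oct 25 04:24:59` and `StrTime: Oct 25 04:24:59`, with parser_results.yaml regenerated to match.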
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,95 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/postscreen-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ count: "16" ++++ facility: "" ++++ logsource: syslog ++++ message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' ++++ message_attempt: EHLO 127.0.0.1\r\n ++++ pid: "22244" ++++ port: "41323" ++++ pregreet: PREGREET ++++ priority: "" ++++ program: postfix/postscreen ++++ remote_addr: 177.154.236.182 ++++ time_attempt: "2.6" ++++ timestamp: Dec 7 23:23:36 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:36 ++++ Meta: ++++ pregreet: PREGREET ++++ service: postscreen ++++ source_ip: 177.154.236.182 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ count: "16" ++++ facility: "" ++++ logsource: syslog ++++ message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' ++++ message_attempt: EHLO 127.0.0.1\r\n ++++ pid: "22244" ++++ port: "41323" ++++ pregreet: PREGREET ++++ priority: "" ++++ program: postfix/postscreen ++++ remote_addr: 177.154.236.182 ++++ time_attempt: "2.6" ++++ timestamp: Dec 7 23:23:36 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:36 ++++ Meta: ++++ pregreet: PREGREET ++++ service: postscreen 
++++ source_ip: 177.154.236.182 ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Oct 25 04:24:59 test postfix/postscreen[22244]: PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/postscreen-logs/postscreen.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ count: "16" ++++ facility: "" ++++ logsource: syslog ++++ message: 'PREGREET 16 after 2.6 from [177.154.236.182]:41323: EHLO 127.0.0.1\r\n' ++++ message_attempt: EHLO 127.0.0.1\r\n ++++ pid: "22244" ++++ port: "41323" ++++ pregreet: PREGREET ++++ priority: "" ++++ program: postfix/postscreen ++++ remote_addr: 177.154.236.182 ++++ time_attempt: "2.6" ++++ timestamp: Dec 7 23:23:36 ++++ timestamp8601: "" ++++ StrTime: Dec 7 23:23:36 ++++ Process: true ++++ Meta: ++++ pregreet: PREGREET ++++ service: postscreen ++++ source_ip: 177.154.236.182 diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml index 0000000,0000000,0000000,0000000..1c11587 new file mode 100644 --- /dev/null +++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/smb-logs/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ parsers: ++++ - crowdsecurity/smb-logs diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml index 0000000,0000000,0000000,0000000..3d55572 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,29 @@@@@
++++- ExpectMode: 1
++++ Stage: s01-parse
++++ Parsed:
++++ facility: ""
++++ logsource: syslog
++++ message: "Auth: [SMB2,(null)] user []\\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\\[hp]. local host [ipv4:172.18.0.3:445] #015"
++++ pid: "8421"
++++ priority: ""
++++ program: smb
++++ timestamp: Nov 10 15:01:29
++++ timestamp8601: ""
++++ Time: 2020-12-11T13:05:46.765680868+01:00
++++ StrTime: Nov 10 15:01:29
++++ Process: true
++++- ExpectMode: 1
++++ Stage: s01-parse
++++ Parsed:
++++ facility: ""
++++ logsource: syslog
++++ message: "Auth: [SMB2,(null)] user [domainname]\\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015"
++++ pid: "8421"
++++ priority: ""
++++ program: smb
++++ timestamp: Nov 10 15:01:29
++++ timestamp8601: ""
++++ Time: 2020-12-11T13:05:46.765680868+01:00
++++ StrTime: Nov 10 15:01:29
++++ Process: true
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml
index 0000000,0000000,0000000,0000000..5cde0bc
new file mode 100644
--- /dev/null
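Review bot: Both entries lack the `Line:` block (`Raw`, `Src`, `Labels`) that the other parser_input.yaml fixtures in this commit carry, so this test starts from hand-filled `Parsed` fields rather than from a log line. The `pid: "8421"`, `timestamp: Nov 10 15:01:29` and `Time: 2020-12-11T13:05:46.765680868+01:00` values are identical to those in the sshd-logs fixture, while the two messages are dated 18 Dec 2020 and 14 Nov 2020, which suggests the surrounding fields were copied rather than captured. If the original syslog lines are available, add a `Line:` block with `Raw:` set to each of them and `Labels: type: syslog`, and take `timestamp`/`StrTime` from that line. Otherwise a leading comment such as `# Parsed is hand-built; pid and timestamp are placeholders` would stop readers from treating them as real.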
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/smb-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,128 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/smb-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Parsed: ++++ facility: "" ++++ ip_source: 14.181.129.111 ++++ logsource: syslog ++++ message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. local host [ipv4:172.18.0.3:445] #015' ++++ pid: "8421" ++++ priority: "" ++++ program: smb ++++ smb_domain: "" ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ user: hp ++++ StrTime: Nov 10 15:01:29 ++++ Meta: ++++ log_type: smb_failed_auth ++++ source_ip: 14.181.129.111 ++++ user: hp ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Parsed: ++++ facility: "" ++++ ip_source: 14.181.129.111 ++++ logsource: syslog ++++ message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. local host [ipv4:172.18.0.3:445] #015' ++++ pid: "8421" ++++ priority: "" ++++ program: smb ++++ smb_domain: "" ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ user: hp ++++ StrTime: Nov 10 15:01:29 ++++ Meta: ++++ log_type: smb_failed_auth ++++ source_ip: 14.181.129.111 ++++ user: hp ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/smb-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Parsed: ++++ facility: "" ++++ ip_source: 180.252.252.57 ++++ logsource: syslog ++++ message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. 
local host [ipv4:172.18.0.3:445] #015' ++++ pid: "8421" ++++ priority: "" ++++ program: smb ++++ smb_domain: domainname ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ user: rcbiwx ++++ StrTime: Nov 10 15:01:29 ++++ Meta: ++++ log_type: smb_failed_auth ++++ source_ip: 180.252.252.57 ++++ user: rcbiwx ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Parsed: ++++ facility: "" ++++ ip_source: 180.252.252.57 ++++ logsource: syslog ++++ message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015' ++++ pid: "8421" ++++ priority: "" ++++ program: smb ++++ smb_domain: domainname ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ user: rcbiwx ++++ StrTime: Nov 10 15:01:29 ++++ Meta: ++++ log_type: smb_failed_auth ++++ source_ip: 180.252.252.57 ++++ user: rcbiwx ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Parsed: ++++ facility: "" ++++ ip_source: 14.181.129.111 ++++ logsource: syslog ++++ message: 'Auth: [SMB2,(null)] user []\[hp] at [Fri, 18 Dec 2020 02:49:33.333790 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [] remote host [ipv4:14.181.129.111:62493] mapped to []\[hp]. 
local host [ipv4:172.18.0.3:445] #015' ++++ pid: "8421" ++++ priority: "" ++++ program: smb ++++ smb_domain: "" ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ user: hp ++++ StrTime: Nov 10 15:01:29 ++++ Process: true ++++ Meta: ++++ log_type: smb_failed_auth ++++ source_ip: 14.181.129.111 ++++ user: hp ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Parsed: ++++ facility: "" ++++ ip_source: 180.252.252.57 ++++ logsource: syslog ++++ message: 'Auth: [SMB2,(null)] user [domainname]\[rcbiwx] at [Sat, 14 Nov 2020 06:52:41.882477 UTC] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [LOCALPCNAME] remote host [ipv4:180.252.252.57:55492] mapped to [domainname]\[rcbiwx]. local host [ipv4:172.18.0.3:445] #015' ++++ pid: "8421" ++++ priority: "" ++++ program: smb ++++ smb_domain: domainname ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ user: rcbiwx ++++ StrTime: Nov 10 15:01:29 ++++ Process: true ++++ Meta: ++++ log_type: smb_failed_auth ++++ source_ip: 180.252.252.57 ++++ user: rcbiwx diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml index 0000000,0000000,0000000,0000000..1c435ba new file mode 100644 --- /dev/null +++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ parsers: ++++ - crowdsecurity/sshd-logs diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml index 0000000,0000000,0000000,0000000..9a5ecc1 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,21 @@@@@
++++- ExpectMode: 1
++++ Stage: s01-parse
++++ Line:
++++ Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2'
++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log
++++ time: 2020-12-11T13:05:46.765615945+01:00
++++ Labels:
++++ type: syslog
++++ process: true
++++ Parsed:
++++ facility: ""
++++ logsource: syslog
++++ message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2
++++ pid: "8421"
++++ priority: ""
++++ program: sshd
++++ timestamp: Nov 10 15:01:29
++++ timestamp8601: ""
++++ Time: 2020-12-11T13:05:46.765680868+01:00
++++ StrTime: Nov 10 15:01:29
++++ Process: true
diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml
index 0000000,0000000,0000000,0000000..fdd4a1c
new file mode 100644
--- /dev/null
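Review bot: This fixture exercises a single message form, `Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2`, and the user name in that message is chosen by the remote client. The expected results derive `sshd_client_ip` and `source_ip` from the same line, so the test does not show how the parser behaves when the user name is not a single plain token. A second entry with a user name containing spaces, plus one for a failed password on an existing account, would pin that the address is taken from the field sshd appends and not from client-supplied text. The parser itself is not part of this hunk, so whether it already handles this is not visible here.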
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/sshd-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,92 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/sshd-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2 ++++ pid: "8421" ++++ priority: "" ++++ program: sshd ++++ sshd_client_ip: 1.1.1.1 ++++ sshd_invalid_user: test_ftp ++++ sshd_port: "38140" ++++ sshd_protocol: ssh2 ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ StrTime: Nov 10 15:01:29 ++++ Meta: ++++ log_type: ssh_failed-auth ++++ service: ssh ++++ source_ip: 1.1.1.1 ++++ target_user: test_ftp ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2 ++++ pid: "8421" ++++ priority: "" ++++ program: sshd ++++ sshd_client_ip: 1.1.1.1 ++++ sshd_invalid_user: test_ftp ++++ sshd_port: "38140" ++++ sshd_protocol: ssh2 ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ StrTime: Nov 10 15:01:29 ++++ Meta: ++++ log_type: ssh_failed-auth ++++ service: ssh ++++ source_ip: 1.1.1.1 ++++ target_user: test_ftp ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Nov 10 15:01:29 host sshd[8421]: Failed 
password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/sshd-logs/auth.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: syslog ++++ process: true ++++ Parsed: ++++ facility: "" ++++ logsource: syslog ++++ message: Failed password for invalid user test_ftp from 1.1.1.1 port 38140 ssh2 ++++ pid: "8421" ++++ priority: "" ++++ program: sshd ++++ sshd_client_ip: 1.1.1.1 ++++ sshd_invalid_user: test_ftp ++++ sshd_port: "38140" ++++ sshd_protocol: ssh2 ++++ timestamp: Nov 10 15:01:29 ++++ timestamp8601: "" ++++ StrTime: Nov 10 15:01:29 ++++ Process: true ++++ Meta: ++++ log_type: ssh_failed-auth ++++ service: ssh ++++ source_ip: 1.1.1.1 ++++ target_user: test_ftp diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml index 0000000,0000000,0000000,0000000..2438efb new file mode 100644 --- /dev/null +++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ parsers: ++++ - crowdsecurity/tcpdump-logs diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml index 0000000,0000000,0000000,0000000..04e6db4 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,56 @@@@@ ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 2020-12-14T12:36:58.747752499+01:00 ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' ++++ program: tcpdump ++++ Time: 2020-12-14T12:36:58.747773278+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 2020-12-14T12:36:58.747765613+01:00 ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' ++++ program: tcpdump ++++ Time: 2020-12-14T12:36:58.748136463+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 2020-12-14T12:36:58.748206125+01:00 ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: 
Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' ++++ program: tcpdump ++++ Time: 2020-12-14T12:36:58.748274143+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 2020-12-14T12:36:58.748363662+01:00 ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' ++++ program: tcpdump ++++ Time: 2020-12-14T12:36:58.748402655+01:00 ++++ Process: true diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml index 0000000,0000000,0000000,0000000..e118804 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,326 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/tcpdump-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 1.2.3.4 ++++ source_port: "43436" ++++ tcpflags: S ++++ timestamp: "11:29:42.550475" ++++ Meta: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 1.2.3.4 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 1.2.3.4 ++++ source_port: "43436" ++++ tcpflags: S ++++ timestamp: "11:29:42.550475" ++++ Meta: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ log_type: tcp_syn ++++ service: tcp ++++ 
source_ip: 1.2.3.4 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/tcpdump-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "43436" ++++ message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 172.1.2.3 ++++ source_port: "22" ++++ tcpflags: S. ++++ timestamp: "11:29:42.550554" ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "43436" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 172.1.2.3 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "43436" ++++ message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 172.1.2.3 ++++ source_port: "22" ++++ tcpflags: S. 
++++ timestamp: "11:29:42.550554" ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "43436" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 172.1.2.3 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/tcpdump-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 4.3.2.1 ++++ source_port: "21803" ++++ tcpflags: S ++++ timestamp: "11:31:20.553633" ++++ Meta: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 4.3.2.1 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 4.3.2.1 ++++ source_port: "21803" ++++ tcpflags: S ++++ timestamp: "11:31:20.553633" ++++ Meta: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ log_type: tcp_syn ++++ service: tcp ++++ 
source_ip: 4.3.2.1 ++++- s00-raw: {} ++++ s01-parse: ++++ crowdsecurity/tcpdump-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 4.3.2.1 ++++ dest_port: "21803" ++++ message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 172.1.2.3 ++++ source_port: "22" ++++ tcpflags: S. ++++ timestamp: "11:31:20.553713" ++++ Meta: ++++ dest_ip: 4.3.2.1 ++++ dest_port: "21803" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 172.1.2.3 ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 4.3.2.1 ++++ dest_port: "21803" ++++ message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 172.1.2.3 ++++ source_port: "22" ++++ tcpflags: S. 
++++ timestamp: "11:31:20.553713" ++++ Meta: ++++ dest_ip: 4.3.2.1 ++++ dest_port: "21803" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 172.1.2.3 ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ message: '11:29:42.550475 IP 1.2.3.4.43436 > 172.1.2.3.22: Flags [S], seq 2398030442, win 64240, options [mss 1460,sackOK,TS val 2908275146 ecr 0,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 1.2.3.4 ++++ source_port: "43436" ++++ tcpflags: S ++++ timestamp: "11:29:42.550475" ++++ Process: true ++++ Meta: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 1.2.3.4 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "43436" ++++ message: '11:29:42.550554 IP 172.1.2.3.22 > 1.2.3.4.43436: Flags [S.], seq 1252624761, ack 2398030443, win 62643, options [mss 8961,sackOK,TS val 1384641183 ecr 2908275146,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 172.1.2.3 ++++ source_port: "22" ++++ tcpflags: S. 
++++ timestamp: "11:29:42.550554" ++++ Process: true ++++ Meta: ++++ dest_ip: 1.2.3.4 ++++ dest_port: "43436" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 172.1.2.3 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ message: '11:31:20.553633 IP 4.3.2.1.21803 > 172.1.2.3.22: Flags [S], seq 3756801163, win 29200, options [mss 1460,sackOK,TS val 9368516 ecr 0,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 4.3.2.1 ++++ source_port: "21803" ++++ tcpflags: S ++++ timestamp: "11:31:20.553633" ++++ Process: true ++++ Meta: ++++ dest_ip: 172.1.2.3 ++++ dest_port: "22" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 4.3.2.1 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/tcpdump-logs/tcpdump.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: tcpdump ++++ process: true ++++ Parsed: ++++ dest_ip: 4.3.2.1 ++++ dest_port: "21803" ++++ message: '11:31:20.553713 IP 172.1.2.3.22 > 4.3.2.1.21803: Flags [S.], seq 1202442063, ack 3756801164, win 62643, options [mss 8961,sackOK,TS val 2669130073 ecr 9368516,nop,wscale 7], length 0' ++++ new_connection: "true" ++++ program: tcpdump ++++ source_ip: 172.1.2.3 ++++ source_port: "22" ++++ tcpflags: S. 
++++ timestamp: "11:31:20.553713" ++++ Process: true ++++ Meta: ++++ dest_ip: 4.3.2.1 ++++ dest_port: "21803" ++++ log_type: tcp_syn ++++ service: tcp ++++ source_ip: 172.1.2.3 diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml index 0000000,0000000,0000000,0000000..2e6cf67 new file mode 100644 --- /dev/null +++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,9 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ parsers: ++++ - crowdsecurity/vsftpd-logs diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml index 0000000,0000000,0000000,0000000..458f837 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,42 @@@@@ ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log ++++ time: 2020-12-11T13:08:30.633357386+01:00 ++++ Labels: ++++ type: vsftpd ++++ process: true ++++ Parsed: ++++ message: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"' ++++ program: vsftpd ++++ Time: 2020-12-11T13:08:30.633416929+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log ++++ time: 2020-12-11T13:08:30.633484186+01:00 ++++ Labels: ++++ type: vsftpd ++++ process: true ++++ Parsed: ++++ message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' ++++ program: vsftpd ++++ Time: 2020-12-11T13:08:30.633866712+01:00 ++++ Process: true ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log ++++ time: 2020-12-11T13:08:30.633938989+01:00 ++++ Labels: ++++ type: vsftpd ++++ process: true ++++ Parsed: ++++ message: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"' ++++ program: vsftpd ++++ Time: 2020-12-11T13:08:30.634181739+01:00 ++++ Process: true diff --cc hub1/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml index 0000000,0000000,0000000,0000000..98891a6 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,99 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: {} ++++- s00-raw: {} ++++ s01-parse: ++++ vsftpd-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: vsftpd ++++ process: true ++++ Parsed: ++++ message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' ++++ program: vsftpd ++++ source_ip: 93.24.101.89 ++++ timestamp: Mon Jun 8 12:08:53 2020 ++++ user: user ++++ StrTime: Mon Jun 8 12:08:53 2020 ++++ Meta: ++++ log_type: ftp_failed_auth ++++ program: vsftpd ++++ source_ip: 93.24.101.89 ++++ user: user ++++ s02-enrich: ++++ "": ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: vsftpd ++++ process: true ++++ Parsed: ++++ message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' ++++ program: vsftpd ++++ source_ip: 93.24.101.89 ++++ timestamp: Mon Jun 8 12:08:53 2020 ++++ user: user ++++ StrTime: Mon Jun 8 12:08:53 2020 ++++ Meta: ++++ log_type: ftp_failed_auth ++++ program: vsftpd ++++ source_ip: 93.24.101.89 ++++ user: user ++++- s00-raw: {} ++++ s01-parse: {} ++++finalresults: ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Mon Jun 8 12:08:44 2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: vsftpd ++++ process: true ++++ Parsed: ++++ message: 'Mon Jun 8 12:08:44 
2020 [pid 27245] CONNECT: Client "::ffff:93.24.101.89"' ++++ program: vsftpd ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: vsftpd ++++ process: true ++++ Parsed: ++++ message: 'Mon Jun 8 12:08:53 2020 [pid 27244] [user] FAIL LOGIN: Client "::ffff:93.24.101.89"' ++++ program: vsftpd ++++ source_ip: 93.24.101.89 ++++ timestamp: Mon Jun 8 12:08:53 2020 ++++ user: user ++++ StrTime: Mon Jun 8 12:08:53 2020 ++++ Process: true ++++ Meta: ++++ log_type: ftp_failed_auth ++++ program: vsftpd ++++ source_ip: 93.24.101.89 ++++ user: user ++++- ExpectMode: 1 ++++ Stage: s01-parse ++++ Line: ++++ Raw: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"' ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/vsftpd-logs/vsftpd.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: vsftpd ++++ process: true ++++ Parsed: ++++ message: 'Mon Jun 8 12:12:43 2020 [pid 27307] [ubuntu] OK LOGIN: Client "::ffff:93.24.101.89"' ++++ program: vsftpd diff --cc hub1/parsers/s01-parse/crowdsecurity/apache2-logs.md index 0000000,0000000,0000000,0000000..bbd8ae7 new file mode 100644 --- /dev/null +++ b/hub1/parsers/s01-parse/crowdsecurity/apache2-logs.md @@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@ ++++This apache2 parser support access and error logs in the HTTPD COMBINED LOG standard format. ++++ ++++*note : * If you are aggregating logs from several domains, prefix your logline with the target FQDN. HTTP based scenarios should take this into account so that buckets are _per_ source IP per target FQDN, limiting false positives due to logs multiplexing. diff --cc hub1/parsers/s01-parse/crowdsecurity/apache2-logs.yaml index 0000000,0000000,0000000,0000000..1a32eb2 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s01-parse/crowdsecurity/apache2-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,74 @@@@@
++++#Apache access/errors logs
++++#debug: true
++++filter: "evt.Parsed.program startsWith 'apache2'"
++++onsuccess: next_stage
++++name: crowdsecurity/apache2-logs
++++description: "Parse Apache2 access and error logs"
++++#log line can be prefixed by a target_fqdn
++++nodes:
++++ - grok:
++++ pattern: '(%{IPORHOST:target_fqdn} )?%{COMMONAPACHELOG} %{QS:referrer} %{QS:http_user_agent}'
++++ apply_on: message
++++ # these ones apply for both grok patterns
++++ statics:
++++ - meta: log_type
++++ value: http_access-log
++++ - target: evt.StrTime
++++ expression: evt.Parsed.timestamp
++++ - meta: service
++++ value: http
++++ - meta: source_ip
++++ expression: evt.Parsed.clientip
++++ - meta: http_status
++++ expression: evt.Parsed.response
++++ - meta: http_path
++++ expression: evt.Parsed.request
++++ onsuccess: next_stage
++++ - grok:
++++ pattern: '%{HTTPD_ERRORLOG}'
++++ apply_on: message
++++ onsuccess: next_stage
++++ pattern_syntax:
++++ NOT_DOUBLE_POINT: '[^:]+'
++++ NOT_DOUBLE_QUOTE: '[^"]+'
++++ nodes:
++++ - filter: "evt.Parsed.module == 'auth_basic'"
++++ onsuccess: next_stage
++++ pattern_syntax:
++++ EXTRACT_USER_AND_PATH: 'user %{NOT_DOUBLE_POINT:username}: authentication failure for "%{NOT_DOUBLE_QUOTE:target_uri}": Password Mismatch'
++++ grok:
++++ pattern: '%{EXTRACT_USER_AND_PATH}'
++++ apply_on: message
++++ # these ones apply for both grok patterns
++++ statics:
++++ - meta: username
++++ expression: evt.Parsed.username
++++ - meta: http_path
++++ expression: evt.Parsed.target_uri
++++ - meta: sub_type
++++ value: "auth_fail"
++++ - filter: "evt.Parsed.module == 'authz_core' && evt.Parsed.message contains 'client denied'"
++++ onsuccess: next_stage
++++ pattern_syntax:
++++ EXTRACT_PATH: 'client denied by server configuration: %{GREEDYDATA:target_uri}'
++++ grok:
++++ pattern: '%{EXTRACT_PATH}'
++++ apply_on: message
++++ statics:
++++ - meta: http_path
++++ expression: evt.Parsed.target_uri
++++ - meta: sub_type
++++ value: "permission_denied"
++++ statics:
++++ - meta: log_type
++++ value: http_error-log
++++ - target: evt.StrTime
++++ expression: evt.Parsed.timestamp
++++ - meta: service
++++ value: http
++++ - meta: source_ip
++++ expression: evt.Parsed.client
++++ - meta: http_status
++++ expression: evt.Parsed.response
++++
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml
index 0000000,0000000,0000000,0000000..bc4a7ba
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/cowrie-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,20 @@@@@
++++onsuccess: next_stage
++++name: cowrie-logs
++++description: "Parse cowrie honeypots logs"
++++filter: "evt.Parsed.program == 'cowrie'"
++++grok:
++++ name: "COWRIE_NEW_CO"
++++ apply_on: message
++++statics:
++++ - meta: service
++++ value: telnet
++++ - meta: log_type
++++ value: telnet_new_session
++++ - meta: source_ip
++++ expression: "evt.Parsed.source_ip"
++++ - meta: dest_ip
++++ expression: "evt.Parsed.dest_ip"
++++ - meta: dest_port
++++ expression: "evt.Parsed.dest_port"
++++ - parsed: "telnet_session"
++++ expression: "evt.Parsed.telnet_session"
diff --cc hub1/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml
index 0000000,0000000,0000000,0000000..333d73e
new file mode 100644
--- /dev/null
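Review bot: The `auth_basic` sub-node of the error-log branch in apache2-logs.yaml only matches messages ending in `Password Mismatch`, so a failed login for a user that does not exist (which Apache, as far as I know, reports as `user <name> not found: <path>`) never receives `sub_type: auth_fail`. For brute-force detection, guessed usernames matter as much as guessed passwords; a second sub-node for the not-found message with the same three statics would close the gap. Separately, the error-log `statics` copy `evt.Parsed.response` into `http_status`, but nothing visible here shows `HTTPD_ERRORLOG` capturing a `response` field, so that meta is probably always empty and should be checked against the pattern definition. The comment `# these ones apply for both grok patterns` sits on node-local statics in both places and should be reworded or dropped.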
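Review bot: `name: cowrie-logs` in cowrie-logs.yaml lacks the `crowdsecurity/` prefix that the sibling parsers in this directory use (`crowdsecurity/apache2-logs`, `crowdsecurity/dovecot-logs`, …). Judging by the test fixtures in this commit, the parser name is what appears as the key in parser results, so the inconsistency leaks into tests and hub references. `name: crowdsecurity/cowrie-logs` would match the file's location.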
+++ b/hub1/parsers/s01-parse/crowdsecurity/dovecot-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@
++++#contribution by @ltsich
++++onsuccess: next_stage
++++debug: false
++++filter: "evt.Parsed.program == 'dovecot'"
++++name: crowdsecurity/dovecot-logs
++++description: "Parse dovecot logs"
++++grok:
++++ pattern: "%{WORD:protocol}-login: %{DATA:dovecot_login_result}: user=<%{DATA:dovecot_user}>.*, rip=%{IP:dovecot_remote_ip}, lip=%{IP:dovecot_local_ip}"
++++ apply_on: message
++++statics:
++++ - meta: log_type
++++ value: dovecot_logs
++++ - meta: source_ip
++++ expression: "evt.Parsed.dovecot_remote_ip"
diff --cc hub1/parsers/s01-parse/crowdsecurity/iptables-logs.md
index 0000000,0000000,0000000,0000000..4683bdc
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/iptables-logs.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,6 @@@@@
++++A parser for iptables `-j LOG` logs.
++++
++++All logged packets are considered as DROPs.
++++
++++To make this parser relevant, you should have a `iptables -A INPUT -m state --state NEW -j LOG` or similar into your configuration. This one will log all new connections, successful or not.
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/iptables-logs.yaml
index 0000000,0000000,0000000,0000000..4cc74f2
new file mode 100644
--- /dev/null
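Review bot: Every line matched by the dovecot-logs.yaml grok gets the same `log_type: dovecot_logs`, and only `source_ip` is promoted to meta, so nothing at the parser level separates a failed login from a successful one. The outcome is captured in `dovecot_login_result` but stays in `Parsed`, where a consuming scenario has to know to look for it. Promoting it (and the user) makes that dependency explicit, e.g. `- meta: dovecot_login_result` with `expression: "evt.Parsed.dovecot_login_result"`.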
+++ b/hub1/parsers/s01-parse/crowdsecurity/iptables-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,16 @@@@@
++++onsuccess: next_stage
++++#debug: true
++++filter: "evt.Parsed.program == 'kernel'"
++++name: crowdsecurity/iptables-logs
++++description: "Parse iptables drop logs"
++++grok:
++++ pattern: \[%{DATA}\]+.*(%{WORD:action})? IN=%{WORD:int_eth} OUT= MAC=%{IP}:%{MAC} SRC=%{IP:src_ip} DST=%{IP:dst_ip} LEN=%{INT:length}.*PROTO=%{WORD:proto} SPT=%{INT:src_port} DPT=%{INT:dst_port}.*
++++ apply_on: message
++++statics:
++++ - meta: service
++++ value: tcp
++++ - meta: log_type
++++ value: iptables_drop
++++ - meta: source_ip
++++ expression: "evt.Parsed.src_ip"
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/modsecurity.md
index 0000000,0000000,0000000,0000000..6fa2944
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/modsecurity.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++This modsecurity parser support modsecurity logs from apache2 error log.
++++
++++(Not tested with Nginx yet).
diff --cc hub1/parsers/s01-parse/crowdsecurity/modsecurity.yaml
index 0000000,0000000,0000000,0000000..01f0f2e
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/modsecurity.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,13 @@@@@
++++onsuccess: next_stage
++++filter: evt.Parsed.program == 'modsecurity'
++++name: crowdsecurity/modsecurity
++++#debug: true
++++description: A parser for modsecurity WAF
++++grok:
++++ name: MODSECAPACHEERROR
++++ apply_on: message
++++statics:
++++ - meta: log_type
++++ value: modsecurity
++++ - meta: source_ip
++++ expression: evt.Parsed.sourcehost
diff --cc hub1/parsers/s01-parse/crowdsecurity/mysql-logs.md
index 0000000,0000000,0000000,0000000..6304844
new file mode 100644
--- /dev/null
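Review bot: In iptables-logs.yaml, `service: tcp` and `log_type: iptables_drop` are static values applied to every matched line, although the grok captures `proto` and the accompanying README recommends a `--state NEW -j LOG` rule that logs accepted connections as well. UDP packets logged by the same rule are therefore labelled as TCP, and accepted connections are labelled as drops, which can inflate whatever scenario counts these events per `source_ip`. Deriving the service from the capture (`expression: "evt.Parsed.proto"`, after checking what casing the consuming scenarios expect) and stating in the description that the parser assumes a LOG rule placed before a DROP would make the limitation visible. `dst_port` is captured but not promoted to meta, unlike `dest_port` in the tcpdump and cowrie parsers of this commit.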
+++ b/hub1/parsers/s01-parse/crowdsecurity/mysql-logs.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,1 @@@@@
++++Mysql authentication fail parser.
diff --cc hub1/parsers/s01-parse/crowdsecurity/mysql-logs.yaml
index 0000000,0000000,0000000,0000000..69a755f
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/mysql-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@
++++onsuccess: next_stage
++++name: crowdsecurity/mysql-logs
++++description: "Parse MySQL logs"
++++filter: "evt.Parsed.program == 'mysql'"
++++grok:
++++ name: "MYSQL_AUTH_FAIL"
++++ apply_on: message
++++statics:
++++ - meta: log_type
++++ value: mysql_failed_auth
++++ - meta: source_ip
++++ expression: "evt.Parsed.source_ip"
++++ - meta: user
++++ expression: "evt.Parsed.user"
diff --cc hub1/parsers/s01-parse/crowdsecurity/nginx-logs.md
index 0000000,0000000,0000000,0000000..da43bbb
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/nginx-logs.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++A generic parser for nginx, support both access and error logs.
++++
++++
++++*note : * If you are aggregating logs from several domains, prefix your logline with the target FQDN. HTTP based scenarios should take this into account so that buckets are _per_ source IP per target FQDN, limiting false positives due to logs multiplexing.
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
index 0000000,0000000,0000000,0000000..5eea4c6
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/nginx-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,33 @@@@@
++++filter: "evt.Parsed.program startsWith 'nginx'"
++++onsuccess: next_stage
++++#debug: true
++++name: crowdsecurity/nginx-logs
++++description: "Parse nginx access and error logs"
++++nodes:
++++ - grok:
++++ pattern: '(%{IPORHOST:target_fqdn} )?%{IPORHOST:remote_addr} - %{NGUSER:remote_user} \[%{HTTPDATE:time_local}\] "%{WORD:verb} %{URIPATHPARAM:request} HTTP/%{NUMBER:http_version}" %{NUMBER:status} %{NUMBER:body_bytes_sent} "%{NOTDQUOTE:http_referer}" "%{NOTDQUOTE:http_user_agent}"'
++++ apply_on: message
++++ statics:
++++ - meta: log_type
++++ value: http_access-log
++++ - target: evt.StrTime
++++ expression: evt.Parsed.time_local
++++ - grok:
++++ # and this one the error log
++++ pattern: '(%{IPORHOST:target_fqdn} )?%{NGINXERRTIME:time} \[%{LOGLEVEL:loglevel}\] %{NONNEGINT:pid}#%{NONNEGINT:tid}: (\*%{NONNEGINT:cid} )?%{GREEDYDATA:message}'
++++ apply_on: message
++++ statics:
++++ - meta: log_type
++++ value: http_error-log
++++ - target: evt.StrTime
++++ expression: evt.Parsed.time
++++# these ones apply for both grok patterns
++++statics:
++++ - meta: service
++++ value: http
++++ - meta: source_ip
++++ expression: "evt.Parsed.remote_addr"
++++ - meta: http_status
++++ expression: "evt.Parsed.status"
++++ - meta: http_path
++++ expression: "evt.Parsed.request"
diff --cc hub1/parsers/s01-parse/crowdsecurity/postfix-logs.yaml
index 0000000,0000000,0000000,0000000..0580a3d
new file mode 100644
--- /dev/null
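Review bot: The top-level `statics` in nginx-logs.yaml are commented `# these ones apply for both grok patterns`, but the error-log grok only captures `time`, `loglevel`, `pid`, `tid`, `cid` and `message` (plus the optional `target_fqdn`), so for error-log events `source_ip`, `http_status` and `http_path` are built from fields that pattern never sets. An event without `source_ip` cannot be attributed by scenarios that group by source, which makes the error-log branch of little use for detection as written. nginx error lines normally carry the peer as `client: <ip>` inside the message; a nested node on the error branch that extracts it, for instance `pattern: 'client: %{IPORHOST:remote_addr}'`, would populate the field. The comment should also say which statics are meaningful only for access logs.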
+++ b/hub1/parsers/s01-parse/crowdsecurity/postfix-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,61 @@@@@
++++# Copyright (c) 2014, 2015, Rudy Gevaert
++++# Copyright (c) 2020 Crowdsec
++++
++++# Permission is hereby granted, free of charge, to any person obtaining
++++# a copy of this software and associated documentation files (the
++++# "Software"), to deal in the Software without restriction, including
++++# without limitation the rights to use, copy, modify, merge, publish,
++++# distribute, sublicense, and/or sell copies of the Software, and to
++++# permit persons to whom the Software is furnished to do so, subject to
++++# the following conditions:
++++
++++# The above copyright notice and this permission notice shall be
++++# included in all copies or substantial portions of the Software.
++++
++++# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
++++# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
++++# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
++++# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
++++# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
++++# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
++++# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
++++
++++# Some of the groks used here are from https://github.com/rgevaert/grok-patterns/blob/master/grok.d/postfix_patterns
++++onsuccess: next_stage
++++filter: "evt.Parsed.program == 'postfix/smtpd'"
++++name: crowdsecurity/postfix-logs
++++pattern_syntax:
++++ POSTFIX_HOSTNAME: '(%{HOSTNAME}|unknown)'
++++ POSTFIX_COMMAND: '(AUTH|STARTTLS|CONNECT|EHLO|HELO|RCPT)'
++++ POSTFIX_ACTION: 'discard|dunno|filter|hold|ignore|info|prepend|redirect|replace|reject|warn'
++++ RELAY: '(?:%{HOSTNAME:remote_host}(?:\[%{IP:remote_addr}\](?::[0-9]+(.[0-9]+)?)?)?)'
++++description: "Parse postfix logs"
++++nodes:
++++ - grok:
++++ apply_on: message
++++ pattern: 'lost connection after %{DATA:smtp_response} from %{RELAY}'
++++ statics:
++++ - meta: log_type_enh
++++ value: spam-attempt
++++ - grok:
++++ apply_on: message
++++ pattern: 'warning: %{POSTFIX_HOSTNAME:remote_host}\[%{IP:remote_addr}\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed:%{GREEDYDATA:message_failure}'
++++ statics:
++++ - meta: log_type_enh
++++ value: spam-attempt
++++ - grok:
++++ apply_on: message
++++ pattern: 'NOQUEUE: %{POSTFIX_ACTION:action}: %{DATA:command} from %{RELAY}: %{GREEDYDATA:reason}'
++++ statics:
++++ - meta: action
++++ expression: "evt.Parsed.action"
++++statics:
++++ - meta: service
++++ value: postfix
++++ - meta: source_ip
++++ expression: "evt.Parsed.remote_addr"
++++ - meta: source_hostname
++++ expression: "evt.Parsed.remote_host"
++++ - meta: log_type
++++ value: postfix
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml
index 0000000,0000000,0000000,0000000..83e0404
new file mode 100644
--- /dev/null
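Review bot: In postfix-logs.yaml the `lost connection after …` node and the SASL `authentication failed` node both set `log_type_enh: spam-attempt`, so downstream scenarios cannot tell a credential-guessing attempt from a client that merely dropped the connection. A distinct value on the SASL node (a constructed example: `value: sasl-auth-failed`, to be agreed with the scenarios that consume it) would let brute-force detection use a tighter threshold than disconnect noise. In `RELAY`, the suffix `(.[0-9]+)?` has an unescaped `.` that matches any character; if a literal dot is intended it should read `(\.[0-9]+)?`. `POSTFIX_COMMAND` is defined but not referenced by any pattern in this hunk.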
+++ b/hub1/parsers/s01-parse/crowdsecurity/postscreen-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,20 @@@@@
++++onsuccess: next_stage
++++filter: "evt.Parsed.program == 'postfix/postscreen'"
++++name: crowdsecurity/postscreen-logs
++++pattern_syntax:
++++ POSTSCREEN_PREGREET: 'PREGREET'
++++ POSTSCREEN_PREGREET_TIME_ATTEMPT: '\d+.\d+'
++++description: "Parse postscreen logs"
++++nodes:
++++ - grok:
++++ apply_on: message
++++ pattern: '%{POSTSCREEN_PREGREET:pregreet} %{INT:count} after %{POSTSCREEN_PREGREET_TIME_ATTEMPT:time_attempt} from \[%{IP:remote_addr}\]:%{INT:port}: %{GREEDYDATA:message_attempt}'
++++statics:
++++ - meta: service
++++ value: postscreen
++++ - meta: source_ip
++++ expression: "evt.Parsed.remote_addr"
++++ - meta: pregreet
++++ expression: "evt.Parsed.pregreet"
++++
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/smb-logs.yaml
index 0000000,0000000,0000000,0000000..98b4a8e
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/smb-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,14 @@@@@
++++onsuccess: next_stage
++++name: crowdsecurity/smb-logs
++++filter: evt.Parsed.program == 'smb'
++++description: "Parse SMB logs"
++++grok:
++++ name: "SMB_AUTH_FAIL"
++++ apply_on: message
++++statics:
++++ - meta: log_type
++++ value: smb_failed_auth
++++ - meta: source_ip
++++ expression: "evt.Parsed.ip_source"
++++ - meta: user
++++ expression: "evt.Parsed.user"
diff --cc hub1/parsers/s01-parse/crowdsecurity/sshd-logs.md
index 0000000,0000000,0000000,0000000..26ebfcf
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/sshd-logs.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,2 @@@@@
++++Your one fits-all ssh parser with support for the most common kind of failed authentications and errors.
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
index 0000000,0000000,0000000,0000000..0064a9d
new file mode 100644
--- /dev/null
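Review bot: postscreen-logs.yaml sets no `log_type` meta, unlike the sibling parsers in this commit, so a scenario can select these events only through `service` or `pregreet`. Adding `- meta: log_type` with a fixed value would keep the parsers consistent. `POSTSCREEN_PREGREET_TIME_ATTEMPT: '\d+.\d+'` leaves the dot unescaped and therefore accepts any character between the two digit runs; `'\d+\.\d+'` matches the intended decimal.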
+++ b/hub1/parsers/s01-parse/crowdsecurity/sshd-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,36 @@@@@
++++onsuccess: next_stage
++++filter: "evt.Parsed.program == 'sshd'"
++++name: crowdsecurity/sshd-logs
++++description: "Parse openSSH logs"
++++nodes:
++++ - grok:
++++ name: "SSHD_FAIL"
++++ apply_on: message
++++ statics:
++++ - meta: target_user
++++ expression: "evt.Parsed.sshd_invalid_user"
++++ - grok:
++++ name: "SSHD_DISC_PREAUTH"
++++ apply_on: message
++++ - grok:
++++ name: "SSHD_BAD_VERSION"
++++ apply_on: message
++++ - grok:
++++ name: "SSHD_INVAL_USER"
++++ apply_on: message
++++ statics:
++++ - meta: target_user
++++ expression: "evt.Parsed.sshd_invalid_user"
++++ - grok:
++++ name: "SSHD_USER_FAIL"
++++ apply_on: message
++++ statics:
++++ - meta: target_user
++++ expression: "evt.Parsed.sshd_invalid_user"
++++statics:
++++ - meta: service
++++ value: ssh
++++ - meta: log_type
++++ value: ssh_failed-auth
++++ - meta: source_ip
++++ expression: "evt.Parsed.sshd_client_ip"
diff --cc hub1/parsers/s01-parse/crowdsecurity/tcpdump-logs.md
index 0000000,0000000,0000000,0000000..56dd6d1
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/tcpdump-logs.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,25 @@@@@
++++A parser for tcpdump logs.
++++
++++To make this parser relevant, you should have add tcpdump command that log tcp scan :
++++
++++An example:
++++```bash
++++cat < /etc/systemd/system/tcpdump.service
++++[Unit]
++++Description=TCPDUMP
++++
++++[Service]
++++Type=simple
++++User=root
++++ExecStart=/bin/sh -c 'tcpdump -l -n -i eth0 "tcp[tcpflags] & (tcp-syn) != 0" >> /var/log/tcpdump.out'
++++Restart=on-failure
++++
++++[Install]
++++WantedBy=multi-user.target
++++EOF
++++
++++systemctl daemon-reload
++++systemctl enable tcpdump.service
++++service tcpdump start
++++```
++++
diff --cc hub1/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml
index 0000000,0000000,0000000,0000000..bbd6528
new file mode 100644
--- /dev/null
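Review bot: The parser-level static `log_type: ssh_failed-auth` at the bottom of sshd-logs.yaml is applied whichever node matched, including `SSHD_DISC_PREAUTH` and `SSHD_BAD_VERSION`, which by their names are pre-auth disconnects and bad protocol banners rather than failed logins. A scenario that counts `ssh_failed-auth` events per source IP would then presumably count those lines as authentication failures too; the patterns themselves are defined outside this hunk, so this is inferred from the names. Either give those two nodes their own label or add a comment above the static, for example `# every node below, including disconnects and bad banners, is deliberately counted as a failed auth`, so the choice is visible. The `SSHD_FAIL` node also fills `target_user` from `evt.Parsed.sshd_invalid_user`, and a short comment confirming that pattern captures into that field would save a lookup.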
+++ b/hub1/parsers/s01-parse/crowdsecurity/tcpdump-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,21 @@@@@
++++onsuccess: next_stage
++++filter: "evt.Parsed.program == 'tcpdump'"
++++name: crowdsecurity/tcpdump-logs
++++#debug: true
++++description: "Parse tcpdump raw logs"
++++grok:
++++ name: "TCPDUMP_OUTPUT"
++++ apply_on: message
++++statics:
++++ - meta: service
++++ value: tcp
++++ - meta: log_type
++++ value: tcp_syn
++++ - meta: source_ip
++++ expression: "evt.Parsed.source_ip"
++++ - meta: dest_ip
++++ expression: "evt.Parsed.dest_ip"
++++ - meta: dest_port
++++ expression: "evt.Parsed.dest_port"
++++ - parsed: "new_connection"
++++ expression: "evt.Parsed.tcpflags contains 'S' ? 'true' : 'false'"
diff --cc hub1/parsers/s01-parse/crowdsecurity/vsftpd-logs.md
index 0000000,0000000,0000000,0000000..ed28593
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s01-parse/crowdsecurity/vsftpd-logs.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,1 @@@@@
++++FTP ([vsftpd](https://en.wikipedia.org/wiki/Vsftpd)) authentication fail parser.
diff --cc hub1/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml
index 0000000,0000000,0000000,0000000..0f43188
new file mode 100644
--- /dev/null
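Review bot: `evt.Parsed.tcpflags contains 'S'` in tcpdump-logs.yaml is true for any flag string that includes an S, so a SYN-ACK (which tcpdump prints as `S.`) sets `new_connection` to 'true' just like a bare SYN. The capture filter given in tcpdump-logs.md, `tcp[tcpflags] & (tcp-syn) != 0`, also records the replies to this host's own outbound connections, and for those the remote server becomes the `source_ip` of a `tcp_syn` event, which invites false positives against legitimate peers. Comparing the whole field, `expression: "evt.Parsed.tcpflags == 'S' ? 'true' : 'false'"`, would restrict the flag to initial SYNs. How `TCPDUMP_OUTPUT` captures `tcpflags` is not visible in this hunk, so confirm the exact captured form before changing the comparison.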
+++ b/hub1/parsers/s01-parse/crowdsecurity/vsftpd-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,21 @@@@@
++++onsuccess: next_stage
++++name: vsftpd-logs
++++description: "Parse VSFTPD logs"
++++filter: "evt.Parsed.program == 'vsftpd'"
++++#debug: true
++++pattern_syntax:
++++ FTP_AUTH_FAIL: '%{HTTPDERROR_DATE:timestamp} \[pid %{NUMBER}\] \[%{GREEDYDATA:user}\] FAIL LOGIN: Client "(::ffff:)?%{IP:source_ip}"'
++++grok:
++++ pattern: "%{FTP_AUTH_FAIL}"
++++ apply_on: message
++++statics:
++++ - meta: program
++++ value: vsftpd
++++ - meta: log_type
++++ value: ftp_failed_auth
++++ - meta: source_ip
++++ expression: "evt.Parsed.source_ip"
++++ - meta: user
++++ expression: "evt.Parsed.user"
++++ - target: evt.StrTime
++++ expression: evt.Parsed.timestamp
diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml
index 0000000,0000000,0000000,0000000..9e6999e
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,12 @@@@@
++++parser_input: parser_input.yaml
++++parser_results: parser_results.yaml
++++
++++marshaled_time_year: 2020
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/dateparse-enrich
++++
++++
diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml
index 0000000,0000000,0000000,0000000..329dcd3
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@
++++#these are the events we input into parser
++++- StrTime: "08/Jun/2020:06:49:01 +0000"
++++- StrTime: "Jun 7 11:17:17"
++++- StrTime: "Mon Jun 8 12:08:53 2020"
++++- StrTime: "2020-04-16T05:13:40.861934Z"
diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml
index 0000000,0000000,0000000,0000000..82f73c1
new file mode 100644
--- /dev/null
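Review bot: `name: vsftpd-logs` in vsftpd-logs.yaml is the only parser name among the hunks visible here without the `crowdsecurity/` prefix (compare `crowdsecurity/smb-logs` and `crowdsecurity/sshd-logs`), although the file sits in the same directory; `name: crowdsecurity/vsftpd-logs` keeps lookups by name consistent. In `FTP_AUTH_FAIL`, the `user` capture is `%{GREEDYDATA:user}` between brackets and the value is client-supplied login text copied straight into `evt.Meta.user`. A comment on the pattern such as `# user is taken verbatim from the client; treat evt.Meta.user as untrusted downstream` would make that explicit for anyone displaying or matching on it.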
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/dateparse-enrich/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,86 @@@@@ ++++provisionalresults: ++++- s00-raw: ++++ "": ++++ Stage: s01-parse ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ s01-parse: ++++ "": ++++ Stage: s02-enrich ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ Stage: s02-enrich ++++ Enriched: ++++ MarshaledTime: "2020-06-08T06:49:01Z" ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ MarshaledTime: "2020-06-08T06:49:01Z" ++++- s00-raw: ++++ "": ++++ Stage: s01-parse ++++ StrTime: Jun 7 11:17:17 ++++ s01-parse: ++++ "": ++++ Stage: s02-enrich ++++ StrTime: Jun 7 11:17:17 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ Stage: s02-enrich ++++ Enriched: ++++ MarshaledTime: "2020-06-07T11:17:17Z" ++++ StrTime: Jun 7 11:17:17 ++++ MarshaledTime: "2020-06-07T11:17:17Z" ++++- s00-raw: ++++ "": ++++ Stage: s01-parse ++++ StrTime: Mon Jun 8 12:08:53 2020 ++++ s01-parse: ++++ "": ++++ Stage: s02-enrich ++++ StrTime: Mon Jun 8 12:08:53 2020 ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ Stage: s02-enrich ++++ Enriched: ++++ MarshaledTime: "2020-06-08T12:08:53Z" ++++ StrTime: Mon Jun 8 12:08:53 2020 ++++ MarshaledTime: "2020-06-08T12:08:53Z" ++++- s00-raw: ++++ "": ++++ Stage: s01-parse ++++ StrTime: "2020-04-16T05:13:40.861934Z" ++++ s01-parse: ++++ "": ++++ Stage: s02-enrich ++++ StrTime: "2020-04-16T05:13:40.861934Z" ++++ s02-enrich: ++++ crowdsecurity/dateparse-enrich: ++++ Stage: s02-enrich ++++ Enriched: ++++ MarshaledTime: "2020-04-16T05:13:40.861934Z" ++++ StrTime: "2020-04-16T05:13:40.861934Z" ++++ MarshaledTime: "2020-04-16T05:13:40.861934Z" ++++finalresults: ++++- Stage: s02-enrich ++++ Enriched: ++++ MarshaledTime: "2020-06-08T06:49:01Z" ++++ StrTime: 08/Jun/2020:06:49:01 +0000 ++++ MarshaledTime: "2020-06-08T06:49:01Z" ++++ Process: true ++++- Stage: s02-enrich ++++ Enriched: ++++ MarshaledTime: "2020-06-07T11:17:17Z" ++++ 
StrTime: Jun 7 11:17:17 ++++ MarshaledTime: "2020-06-07T11:17:17Z" ++++ Process: true ++++- Stage: s02-enrich ++++ Enriched: ++++ MarshaledTime: "2020-06-08T12:08:53Z" ++++ StrTime: Mon Jun 8 12:08:53 2020 ++++ MarshaledTime: "2020-06-08T12:08:53Z" ++++ Process: true ++++- Stage: s02-enrich ++++ Enriched: ++++ MarshaledTime: "2020-04-16T05:13:40.861934Z" ++++ StrTime: "2020-04-16T05:13:40.861934Z" ++++ MarshaledTime: "2020-04-16T05:13:40.861934Z" ++++ Process: true diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml index 0000000,0000000,0000000,0000000..f01a82a new file mode 100644 --- /dev/null +++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ parsers: ++++ - crowdsecurity/geoip-enrich diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml index 0000000,0000000,0000000,0000000..c1aa9d5 new file mode 100644 --- /dev/null +++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,5 @@@@@ ++++#these are the events we input into parser ++++- Meta: ++++ source_ip: 8.8.8.8 ++++- Meta: ++++ source_ip: 192.168.0.1 diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml index 0000000,0000000,0000000,0000000..0b5fcb6 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/geoip-enrich/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,84 @@@@@ ++++provisionalresults: ++++- s00-raw: ++++ "": ++++ Stage: s01-parse ++++ Meta: ++++ source_ip: 8.8.8.8 ++++ s01-parse: ++++ "": ++++ Stage: s02-enrich ++++ Meta: ++++ source_ip: 8.8.8.8 ++++ s02-enrich: ++++ crowdsecurity/geoip-enrich: ++++ Stage: s02-enrich ++++ Enriched: ++++ ASNNumber: "15169" ++++ ASNOrg: Google LLC ++++ IsInEU: "false" ++++ IsoCode: US ++++ Latitude: "37.751000" ++++ Longitude: "-97.822000" ++++ SourceRange: 8.8.8.0/24 ++++ Meta: ++++ ASNNumber: "15169" ++++ ASNOrg: Google LLC ++++ IsInEU: "false" ++++ IsoCode: US ++++ SourceRange: 8.8.8.0/24 ++++ source_ip: 8.8.8.8 ++++- s00-raw: ++++ "": ++++ Stage: s01-parse ++++ Meta: ++++ source_ip: 192.168.0.1 ++++ s01-parse: ++++ "": ++++ Stage: s02-enrich ++++ Meta: ++++ source_ip: 192.168.0.1 ++++ s02-enrich: ++++ crowdsecurity/geoip-enrich: ++++ Stage: s02-enrich ++++ Enriched: ++++ ASNNumber: "0" ++++ ASNOrg: "" ++++ IsInEU: "false" ++++ IsoCode: "" ++++ Latitude: "0.000000" ++++ Longitude: "0.000000" ++++ Meta: ++++ ASNNumber: "0" ++++ IsInEU: "false" ++++ source_ip: 192.168.0.1 ++++finalresults: ++++- Stage: s02-enrich ++++ Enriched: ++++ ASNNumber: "15169" ++++ ASNOrg: Google LLC ++++ IsInEU: "false" ++++ IsoCode: US ++++ Latitude: "37.751000" ++++ Longitude: "-97.822000" ++++ SourceRange: 8.8.8.0/24 ++++ Process: true ++++ Meta: ++++ ASNNumber: "15169" ++++ ASNOrg: Google LLC ++++ IsInEU: "false" ++++ IsoCode: US ++++ SourceRange: 8.8.8.0/24 ++++ source_ip: 8.8.8.8 ++++- Stage: s02-enrich ++++ Enriched: ++++ ASNNumber: "0" ++++ ASNOrg: "" ++++ IsInEU: "false" ++++ IsoCode: "" ++++ Latitude: "0.000000" ++++ Longitude: "0.000000" ++++ Process: true ++++ Meta: ++++ ASNNumber: "0" ++++ IsInEU: "false" ++++ source_ip: 192.168.0.1 diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml index 0000000,0000000,0000000,0000000..d46a5f9 new file mode 100644 
--- /dev/null +++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/http-logs/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++parser_input: parser_input.yaml ++++parser_results: parser_results.yaml ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ parsers: ++++ - crowdsecurity/http-logs diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml index 0000000,0000000,0000000,0000000..9abca52 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,166 @@@@@ ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 2020-12-01T23:19:00.262113291+01:00 ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "522" ++++ http_referer: '-' ++++ http_user_agent: Go-http-client/1.1 ++++ http_version: "1.1" ++++ message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ method: GET ++++ program: nginx ++++ remote_addr: 5.5.8.5 ++++ remote_user: '-' ++++ request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ status: "404" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:07:25:02 +0000 ++++ Time: 2020-12-01T23:19:00.262129175+01:00 ++++ StrTime: 04/Jan/2020:07:25:02 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ http_status: "404" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 5.5.8.5 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 2020-12-01T23:19:00.263881872+01:00 ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 
"-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ method: GET ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ status: "500" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ Time: 2020-12-01T23:19:00.264385615+01:00 ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 2020-12-01T23:18:58.885136572+01:00 ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 195.54.160.135 ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system?wt=json ++++ response: "500" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ Time: 2020-12-01T23:18:58.885943039+01:00 ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 195.54.160.135 ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 2020-12-01T23:18:58.886407549+01:00 ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.4 ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system?wt=json ++++ response: "500" ++++ target_fqdn: www.crowdsec.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ Time: 2020-12-01T23:18:58.8875633+01:00 ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.4 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 2020-12-01T23:18:58.886407549+01:00 ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.5 ++++ httpversion: "1.1" ++++ ident: '-' ++++ message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /test/uppercase/extensions.JPG ++++ response: "500" ++++ target_fqdn: www.crowdsec11.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ Time: 2020-12-01T23:18:58.8875633+01:00 ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Process: true ++++ Meta: ++++ http_path: /test/uppercase/extensions.JPG ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.5 diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml index 0000000,0000000,0000000,0000000..4f018d0 new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/http-logs/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,413 @@@@@ ++++provisionalresults: ++++- s00-raw: {} ++++ s01-parse: {} ++++ s02-enrich: ++++ crowdsecurity/http-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "522" ++++ file_dir: /.well-known/acme-challenge/ ++++ file_ext: "" ++++ file_frag: FMuukC2JOJ5HKmLBujjE_BkDo ++++ file_name: FMuukC2JOJ5HKmLBujjE_BkDo ++++ http_referer: '-' ++++ http_user_agent: Go-http-client/1.1 ++++ http_version: "1.1" ++++ impact_completion: "false" ++++ message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ method: GET ++++ program: nginx ++++ remote_addr: 5.5.8.5 ++++ remote_user: '-' ++++ request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ static_ressource: "false" ++++ status: "404" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:07:25:02 +0000 ++++ StrTime: 04/Jan/2020:07:25:02 +0000 ++++ Meta: ++++ http_args_len: "0" ++++ http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ http_status: "404" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 5.5.8.5 ++++- s00-raw: {} ++++ s01-parse: {} ++++ s02-enrich: ++++ crowdsecurity/http-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ 
Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ file_dir: /index.php/ ++++ file_ext: "" ++++ file_frag: nous-contacter/ ++++ file_name: nous-contacter/ ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ impact_completion: "true" ++++ message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ method: GET ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ static_ressource: "false" ++++ status: "500" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Meta: ++++ http_args_len: "0" ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++- s00-raw: {} ++++ s01-parse: {} ++++ s02-enrich: ++++ crowdsecurity/http-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 195.54.160.135 ++++ file_dir: /solr/admin/info/ ++++ file_ext: "" ++++ file_frag: system ++++ file_name: system ++++ http_args: wt=json ++++ httpversion: "1.1" ++++ ident: '-' ++++ impact_completion: "true" ++++ message: 195.54.160.135 - - 
[08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system ++++ response: "500" ++++ static_ressource: "false" ++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Meta: ++++ http_args_len: "7" ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 195.54.160.135 ++++- s00-raw: {} ++++ s01-parse: {} ++++ s02-enrich: ++++ crowdsecurity/http-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.4 ++++ file_dir: /solr/admin/info/ ++++ file_ext: "" ++++ file_frag: system ++++ file_name: system ++++ http_args: wt=json ++++ httpversion: "1.1" ++++ ident: '-' ++++ impact_completion: "true" ++++ message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system ++++ response: "500" ++++ static_ressource: 
"false" ++++ target_fqdn: www.crowdsec.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Meta: ++++ http_args_len: "7" ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.4 ++++- s00-raw: {} ++++ s01-parse: {} ++++ s02-enrich: ++++ crowdsecurity/http-logs: ++++ ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.5 ++++ file_dir: /test/uppercase/ ++++ file_ext: .JPG ++++ file_frag: extensions ++++ file_name: extensions.JPG ++++ httpversion: "1.1" ++++ ident: '-' ++++ impact_completion: "true" ++++ message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /test/uppercase/extensions.JPG ++++ response: "500" ++++ static_ressource: "true" ++++ target_fqdn: www.crowdsec11.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Meta: ++++ http_args_len: "0" ++++ http_path: /test/uppercase/extensions.JPG ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.5 ++++finalresults: ++++- 
ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "522" ++++ file_dir: /.well-known/acme-challenge/ ++++ file_ext: "" ++++ file_frag: FMuukC2JOJ5HKmLBujjE_BkDo ++++ file_name: FMuukC2JOJ5HKmLBujjE_BkDo ++++ http_referer: '-' ++++ http_user_agent: Go-http-client/1.1 ++++ http_version: "1.1" ++++ impact_completion: "false" ++++ message: 5.5.8.5 - - [04/Jan/2020:07:25:02 +0000] "GET /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo HTTP/1.1" 404 522 "-" "Go-http-client/1.1" ++++ method: GET ++++ program: nginx ++++ remote_addr: 5.5.8.5 ++++ remote_user: '-' ++++ request: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ static_ressource: "false" ++++ status: "404" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:07:25:02 +0000 ++++ StrTime: 04/Jan/2020:07:25:02 +0000 ++++ Process: true ++++ Meta: ++++ http_args_len: "0" ++++ http_path: /.well-known/acme-challenge/FMuukC2JOJ5HKmLBujjE_BkDo ++++ http_status: "404" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 5.5.8.5 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/nginx-logs/nginx.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: nginx ++++ process: true ++++ Parsed: ++++ body_bytes_sent: "550" ++++ file_dir: /index.php/ ++++ file_ext: "" ++++ file_frag: nous-contacter/ ++++ file_name: nous-contacter/ ++++ http_referer: '-' ++++ http_user_agent: Mozilla/5.0 (compatible; Googlebot/2.1; 
+http://www.google.com/bot.html) ++++ http_version: "1.1" ++++ impact_completion: "true" ++++ message: 52.59.61.4 - - [04/Jan/2020:08:41:43 +0000] "GET /index.php/nous-contacter/ HTTP/1.1" 500 550 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ++++ method: GET ++++ program: nginx ++++ remote_addr: 52.59.61.4 ++++ remote_user: '-' ++++ request: /index.php/nous-contacter/ ++++ static_ressource: "false" ++++ status: "500" ++++ target_fqdn: "" ++++ time_local: 04/Jan/2020:08:41:43 +0000 ++++ StrTime: 04/Jan/2020:08:41:43 +0000 ++++ Process: true ++++ Meta: ++++ http_args_len: "0" ++++ http_path: /index.php/nous-contacter/ ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 52.59.61.4 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 195.54.160.135 ++++ file_dir: /solr/admin/info/ ++++ file_ext: "" ++++ file_frag: system ++++ file_name: system ++++ http_args: wt=json ++++ httpversion: "1.1" ++++ ident: '-' ++++ impact_completion: "true" ++++ message: 195.54.160.135 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system ++++ response: "500" ++++ static_ressource: "false" 
++++ target_fqdn: "" ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Process: true ++++ Meta: ++++ http_args_len: "7" ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 195.54.160.135 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.4 ++++ file_dir: /solr/admin/info/ ++++ file_ext: "" ++++ file_frag: system ++++ file_name: system ++++ http_args: wt=json ++++ httpversion: "1.1" ++++ ident: '-' ++++ impact_completion: "true" ++++ message: www.crowdsec.net 1.2.3.4 - - [08/Jun/2020:08:04:43 +0000] "GET /solr/admin/info/system?wt=json HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /solr/admin/info/system ++++ response: "500" ++++ static_ressource: "false" ++++ target_fqdn: www.crowdsec.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Process: true ++++ Meta: ++++ http_args_len: "7" ++++ http_path: /solr/admin/info/system?wt=json ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.4 ++++- ExpectMode: 1 ++++ Stage: s02-enrich ++++ Line: ++++ Raw: www.crowdsec11.net 
1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ Src: ./parsers/s01-parse/crowdsecurity/.tests/apache2-logs/apache2.log ++++ time: 0001-01-01T00:00:00Z ++++ Labels: ++++ type: apache2 ++++ process: true ++++ Parsed: ++++ agent: '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"' ++++ auth: '-' ++++ bytes: "803" ++++ clientip: 1.2.3.5 ++++ file_dir: /test/uppercase/ ++++ file_ext: .JPG ++++ file_frag: extensions ++++ file_name: extensions.JPG ++++ httpversion: "1.1" ++++ ident: '-' ++++ impact_completion: "true" ++++ message: www.crowdsec11.net 1.2.3.5 - - [08/Jun/2020:08:04:43 +0000] "GET /test/uppercase/extensions.JPG HTTP/1.1" 500 803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" ++++ program: apache2 ++++ rawrequest: "" ++++ referrer: '"-"' ++++ request: /test/uppercase/extensions.JPG ++++ response: "500" ++++ static_ressource: "true" ++++ target_fqdn: www.crowdsec11.net ++++ timestamp: 08/Jun/2020:08:04:43 +0000 ++++ verb: GET ++++ StrTime: 08/Jun/2020:08:04:43 +0000 ++++ Process: true ++++ Meta: ++++ http_args_len: "0" ++++ http_path: /test/uppercase/extensions.JPG ++++ http_status: "500" ++++ log_type: http_access-log ++++ service: http ++++ source_ip: 1.2.3.5 diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml index 0000000,0000000,0000000,0000000..66ea60b new file mode 100644 --- /dev/null 
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@
++++parser_input: parser_input.yaml
++++parser_results: parser_results.yaml
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/naxsi-logs
diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml
index 0000000,0000000,0000000,0000000..12bc3c2
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++- ExpectMode: 1
++++ Stage: s02-enrich
++++ Parsed:
++++ program: nginx
++++ message: "NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd"
++++ Time: 2020-12-01T23:19:00.262129175+01:00
++++ StrTime: 04/Jan/2020:07:25:02 +0000
++++ Process: true
++++ Meta:
++++ log_type: http_error-log
diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml
index 0000000,0000000,0000000,0000000..782bf59
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/naxsi-logs/parser_results.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,39 @@@@@
++++provisionalresults:
++++- s00-raw: {}
++++ s01-parse: {}
++++ s02-enrich:
++++ crowdsecurity/naxsi-logs:
++++ ExpectMode: 1
++++ Stage: s02-enrich
++++ Parsed:
++++ http_path: /
++++ message: 'NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd'
++++ naxsi_dst_ip: 127.0.0.1
++++ naxsi_id: "1302"
++++ naxsi_src_ip: 127.0.0.1
++++ naxsi_var_name: a
++++ naxsi_zone: ARGS
++++ program: nginx
++++ StrTime: 04/Jan/2020:07:25:02 +0000
++++ Meta:
++++ http_path: /
++++ log_type: waf_naxsi-log
++++ source_ip: 127.0.0.1
++++finalresults:
++++- ExpectMode: 1
++++ Stage: s02-enrich
++++ Parsed:
++++ http_path: /
++++ message: 'NAXSI_EXLOG: ip=127.0.0.1&server=127.0.0.1&uri=/&id=1302&zone=ARGS&var_name=a&content=a<>bcd'
++++ naxsi_dst_ip: 127.0.0.1
++++ naxsi_id: "1302"
++++ naxsi_src_ip: 127.0.0.1
++++ naxsi_var_name: a
++++ naxsi_zone: ARGS
++++ program: nginx
++++ StrTime: 04/Jan/2020:07:25:02 +0000
++++ Process: true
++++ Meta:
++++ http_path: /
++++ log_type: waf_naxsi-log
++++ source_ip: 127.0.0.1
diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml
index 0000000,0000000,0000000,0000000..fb43733
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/whitelists/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@
++++parser_input: parser_input.yaml
++++parser_results: parser_results.yaml
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ parsers:
++++ - crowdsecurity/whitelists
diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml
index 0000000,0000000,0000000,0000000..09c7c28
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++- ExpectMode: 1
++++ Stage: s02-enrich
++++ Time: 2020-12-11T13:05:46.765680868+01:00
++++ StrTime: Nov 10 15:01:29
++++ Process: true
++++ Meta:
++++ log_type: ssh_failed-auth
++++ service: ssh
++++ source_ip: 127.0.0.1
++++ target_user: test_ftp
diff --cc hub1/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml
index 0000000,0000000,0000000,0000000..dc0a5ab
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/.tests/whitelists/parser_results.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,27 @@@@@
++++provisionalresults:
++++- s00-raw: {}
++++ s01-parse: {}
++++ s02-enrich:
++++ crowdsecurity/whitelists:
++++ ExpectMode: 1
++++ Whitelisted: true
++++ whitelist_reason: private ipv4 ranges
++++ Stage: s02-enrich
++++ StrTime: Nov 10 15:01:29
++++ Meta:
++++ log_type: ssh_failed-auth
++++ service: ssh
++++ source_ip: 127.0.0.1
++++ target_user: test_ftp
++++finalresults:
++++- ExpectMode: 1
++++ Whitelisted: true
++++ whitelist_reason: private ipv4 ranges
++++ Stage: s02-enrich
++++ StrTime: Nov 10 15:01:29
++++ Process: true
++++ Meta:
++++ log_type: ssh_failed-auth
++++ service: ssh
++++ source_ip: 127.0.0.1
++++ target_user: test_ftp
diff --cc hub1/parsers/s02-enrich/crowdsecurity/dateparse-enrich.md
index 0000000,0000000,0000000,0000000..7e04a88
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/dateparse-enrich.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,17 @@@@@
++++Parses timestamp strings in logs to be used in [forensic mode](https://doc.crowdsec.net/Crowdsec/v1/user_guide/forensic_mode/). The following formats are currently supported :
++++
++++ - RFC3339
++++ - `02/Jan/2006:15:04:05 -0700`
++++ - `Mon Jan 2 15:04:05 2006`
++++ - `02-Jan-2006 15:04:05 europe/paris`
++++ - `01/02/2006 15:04:05`
++++ - `2006-01-02 15:04:05.999999999 -0700 MST`
++++ - `Jan 2 15:04:05`
++++ - `Mon Jan 02 15:04:05.000000 2006`
++++ - `2006-01-02T15:04:05Z07:00`
++++ - `2006/01/02`
++++ - `2006/01/02 15:04`
++++ - `2006-01-02`
++++ - `2006-01-02 15:04`
++++
++++The `StrTime` item of the event is parsed by default. See [crowdsecurity/syslog-logs](https://hub.crowdsec.net/author/crowdsecurity/configurations/syslog-logs) as an example of a parser setting this field for `crowdsecurity/dateparse-enrich`.
diff --cc hub1/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
index 0000000,0000000,0000000,0000000..d803f27
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/dateparse-enrich.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,9 @@@@@
++++filter: "evt.StrTime != ''"
++++name: crowdsecurity/dateparse-enrich
++++#debug: true
++++#it's a hack lol
++++statics:
++++ - method: ParseDate
++++ expression: evt.StrTime
++++ - target: MarshaledTime
++++ expression: evt.Enriched.MarshaledTime
diff --cc hub1/parsers/s02-enrich/crowdsecurity/geoip-enrich.md
index 0000000,0000000,0000000,0000000..72167c7
new file mode 100644
--- /dev/null
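Review bot: In dateparse-enrich.yaml the comment `#it's a hack lol` above `statics:` does not say what is being worked around, so a maintainer cannot tell whether the second static is safe to remove. From the visible lines, `ParseDate` is applied to `evt.StrTime` and the event's `MarshaledTime` is then filled from `evt.Enriched.MarshaledTime`, which suggests the method leaves its result there. A comment such as `# ParseDate appears to store its result in evt.Enriched.MarshaledTime; the next static copies it onto the event` would record that, and the commented-out `#debug: true` can be dropped at the same time.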
+++ b/hub1/parsers/s02-enrich/crowdsecurity/geoip-enrich.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,15 @@@@@
++++The GeoIP module relies on geolite database to provide enrichment on source ip.
++++
++++The following informations will be added to the event :
++++ - `Meta.IsoCode` : two-letters country code
++++ - `Meta.IsInEU` : a boolean indicating if IP is in EU
++++ - `Meta.GeoCoords` : latitude & longitude of IP
++++ - `Meta.ASNNumber` : Autonomous System Number
++++ - `Meta.ASNOrg` : Autonomous System Name
++++ - `Meta.SourceRange` : The public range to which the IP belongs
++++
++++
++++This configuration includes GeoLite2 data created by MaxMind available from [https://www.maxmind.com](https://www.maxmind.com), it includes two data files:
++++* [GeoLite2-City.mmdb](https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb)
++++* [GeoLite2-ASN.mmdb](https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb)
++++
diff --cc hub1/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
index 0000000,0000000,0000000,0000000..59a4fca
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/geoip-enrich.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,27 @@@@@
++++filter: "'source_ip' in evt.Meta"
++++name: crowdsecurity/geoip-enrich
++++description: "Populate event with geoloc info : as, country, coords, source range."
++++data:
++++ - source_url: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-City.mmdb
++++ dest_file: GeoLite2-City.mmdb
++++ - source_url: https://crowdsec-statics-assets.s3-eu-west-1.amazonaws.com/GeoLite2-ASN.mmdb
++++ dest_file: GeoLite2-ASN.mmdb
++++statics:
++++ - method: GeoIpCity
++++ expression: evt.Meta.source_ip
++++ - meta: IsoCode
++++ expression: evt.Enriched.IsoCode
++++ - meta: IsInEU
++++ expression: evt.Enriched.IsInEU
++++ - meta: GeoCoords
++++ expression: evt.Enriched.GeoCoords
++++ - method: GeoIpASN
++++ expression: evt.Meta.source_ip
++++ - meta: ASNNumber
++++ expression: evt.Enriched.ASNNumber
++++ - meta: ASNOrg
++++ expression: evt.Enriched.ASNOrg
++++ - method: IpToRange
++++ expression: evt.Meta.source_ip
++++ - meta: SourceRange
++++ expression: evt.Enriched.SourceRange
diff --cc hub1/parsers/s02-enrich/crowdsecurity/http-logs.md
index 0000000,0000000,0000000,0000000..43f9292
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/http-logs.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,4 @@@@@
++++This parser is a generic post-parsing http re-parser and profides more detailed information such as :
++++ - static_ressource : a boolean to tell if the requested ressource is a static file
++++ - file_name : simple file+file-extension
++++ - impact_completion : a boolean flag indicating if the request succeeded (based on the http response code)
diff --cc hub1/parsers/s02-enrich/crowdsecurity/http-logs.yaml
index 0000000,0000000,0000000,0000000..0699ce6
new file mode 100644
--- /dev/null
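Review bot: The two `data:` entries in geoip-enrich.yaml give only a `source_url` and a `dest_file`, so nothing in this hunk pins the content of the MMDB files that, per the commit message, are now downloaded automatically when needed. `IsoCode`, `ASNNumber`, `ASNOrg` and `SourceRange` are all derived from those files, so whoever can replace the objects in that bucket controls what later stages see for every source IP. HTTPS protects the transfer, not the stored object. Whether the downloader verifies a digest is not visible here; if it does not, the package should carry expected SHA-256 values or install the databases from a packaged source. At minimum a comment above `data:` such as `# downloaded on demand over HTTPS; content is not checksum-verified by this config` would make the trust assumption explicit.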
+++ b/hub1/parsers/s02-enrich/crowdsecurity/http-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,33 @@@@@
++++filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']"
++++description: "Parse more Specifically HTTP logs, such as HTTP Code, HTTP path, HTTP args and if its a static ressource"
++++name: crowdsecurity/http-logs
++++pattern_syntax:
++++ DIR: "^.*/"
++++ FILE: "[^/].*?"
++++ EXT: "\\.[^.]*$|$"
++++nodes:
++++ - statics:
++++ - parsed: "impact_completion"
++++ # the value of a field can as well be determined as the result of an expression
++++ expression: "evt.Meta.http_status in ['404', '403', '502'] ? 'false' : 'true'"
++++ - target: evt.Parsed.static_ressource
++++ value: 'false'
++++ # let's split the path?query if possible
++++ - grok:
++++ pattern: "^%{GREEDYDATA:request}\\?%{GREEDYDATA:http_args}$"
++++ apply_on: request
++++ # this is another node, with its own pattern_syntax
++++ - #debug: true
++++ grok:
++++ pattern: "%{DIR:file_dir}%{FILE:file_frag}%{EXT:file_ext}"
++++ apply_on: request
++++ statics:
++++ - meta: http_path
++++ expression: "evt.Parsed.http_path"
++++ # meta af
++++ - meta: http_args_len
++++ expression: "len(evt.Parsed.http_args)"
++++ - parsed: file_name
++++ expression: evt.Parsed.file_frag + evt.Parsed.file_ext
++++ - parsed: static_ressource
++++ expression: "Upper(evt.Parsed.file_ext) in ['.JPG', '.CSS', '.JS', '.JPEG', '.PNG', '.SVG', '.MAP', '.ICO', '.OTF', '.GIF', '.MP3', '.MP4', '.WOFF', '.WOFF2', '.TTF', '.OTF', '.EOT', '.WEBP'] ? 'true' : 'false'"
diff --cc hub1/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml
index 0000000,0000000,0000000,0000000..9bd2ab1
new file mode 100644
--- /dev/null
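Review bot: The `impact_completion` static in http-logs.yaml marks every status other than 404, 403 and 502 as `'true'`, so 400, 401, 500 and 503 responses all count as completed; the nginx and apache2 fixtures added in this same commit show a `500` response with `impact_completion: "true"`. That does not match http-logs.md, which describes the flag as "the request succeeded". Either state the intent next to the expression, for example `# only 404/403/502 count as not completed; every other code, 5xx included, is treated as completed`, or derive the flag from the status class. Separately, `'.OTF'` appears twice in the `static_ressource` extension list and one copy can be removed.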
+++ b/hub1/parsers/s02-enrich/crowdsecurity/naxsi-logs.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,16 @@@@@
++++#let's try to post-process nginx error log to have naxsi pattern
++++filter: "evt.Meta.log_type == 'http_error-log' && evt.Parsed.program == 'nginx'"
++++description: "Enrich logs if its from NAXSI"
++++name: crowdsecurity/naxsi-logs
++++grok:
++++ name: "NAXSI_EXLOG"
++++ apply_on: message
++++statics:
++++ - target: evt.Meta.log_type
++++ value: waf_naxsi-log
++++ - meta: source_ip
++++ expression: "evt.Parsed.naxsi_src_ip"
++++ - meta: http_path
++++ expression: "evt.Parsed.http_path"
++++ - meta: dest_ip
++++ expression: "evt.Parsed.target_ip"
diff --cc hub1/parsers/s02-enrich/crowdsecurity/whitelists.md
index 0000000,0000000,0000000,0000000..41e6284
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/whitelists.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,2 @@@@@
++++A generic whitelist to avoid banning yourself, whitelisted ranges :
++++192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
diff --cc hub1/parsers/s02-enrich/crowdsecurity/whitelists.yaml
index 0000000,0000000,0000000,0000000..d398ee8
new file mode 100644
--- /dev/null
+++ b/hub1/parsers/s02-enrich/crowdsecurity/whitelists.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,13 @@@@@
++++name: crowdsecurity/whitelists
++++description: "Whitelist events from private ipv4 addresses"
++++whitelist:
++++ reason: "private ipv4 ranges"
++++ ip:
++++ - "127.0.0.1"
++++ cidr:
++++ - "192.168.0.0/16"
++++ - "10.0.0.0/8"
++++ - "172.16.0.0/12"
++++ # expression:
++++ # - "'foo.com' in evt.Meta.source_ip.reverse"
++++
diff --cc hub1/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml
index 0000000,0000000,0000000,0000000..0387642
new file mode 100644
--- /dev/null
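Review bot: The last static in naxsi-logs.yaml fills `dest_ip` from `evt.Parsed.target_ip`, but the expected output in `.tests/naxsi-logs/parser_results.yaml` from this commit carries the destination as `naxsi_dst_ip` and has no `dest_ip` under `Meta`, so the field looks like it is never populated. The `source_ip` static two entries above reads `evt.Parsed.naxsi_src_ip`, so the likely intent here is `expression: "evt.Parsed.naxsi_dst_ip"`. The `NAXSI_EXLOG` pattern definition is not part of this hunk, so confirm the capture name there and extend the fixture to assert `Meta.dest_ip` once it is set.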
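Review bot: whitelists.yaml exempts all of 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 by default, and the `cidr:` list needs a caveat: when a reverse proxy or load balancer logs its own private address as the client, or when the misbehaving host is internal, every such event ends up `Whitelisted: true` as in the fixture added here. A comment such as `# assumes logs carry the real client IP; trim these ranges when traffic arrives through an internal proxy` would make that assumption explicit. The list is also IPv4-only and names just `127.0.0.1`, so `::1` and the rest of 127.0.0.0/8 are not covered even though whitelists.md states the goal as not banning yourself, and that file's range list omits 127.0.0.1.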
+++ b/hub1/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@
++++postoverflow_input: po_input.yaml
++++postoverflow_results: postoverflow_results.yaml
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ postoverflows:
++++ - crowdsecurity/rdns
diff --cc hub1/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml
index 0000000,0000000,0000000,0000000..4d0d42c
new file mode 100644
--- /dev/null
+++ b/hub1/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/po_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,16 @@@@@
++++- Type: 1
++++ Alert:
++++ Alert:
++++ remediation: true
++++ source:
++++ ip: 8.8.8.8
++++ scope: Ip
++++ value: 8.8.8.8
++++- Type: 1
++++ Alert:
++++ Alert:
++++ remediation: true
++++ source:
++++ ip: 192.168.0.100
++++ scope: Ip
++++ value: 192.168.0.100
diff --cc hub1/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml
index 0000000,0000000,0000000,0000000..df56bfd
new file mode 100644
--- /dev/null
+++ b/hub1/postoverflows/s00-enrich/crowdsecurity/.tests/rdns/postoverflow_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,216 @@@@@ ++++provisionalresults: ++++- s00-enrich: ++++ crowdsecurity/rdns: ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: dns.google. ++++ Alert: ++++ Alert: ++++ capacity: null ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: null ++++ id: 0 ++++ labels: [] ++++ leakspeed: null ++++ machineid: "" ++++ message: null ++++ meta: [] ++++ remediation: true ++++ scenario: null ++++ scenariohash: null ++++ scenarioversion: null ++++ simulated: null ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: null ++++ stopat: null ++++ Meta: ++++ reverse_dns: dns.google. ++++ s01-whitelist: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: dns.google. ++++ Alert: ++++ Alert: ++++ capacity: null ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: null ++++ id: 0 ++++ labels: [] ++++ leakspeed: null ++++ machineid: "" ++++ message: null ++++ meta: [] ++++ remediation: true ++++ scenario: null ++++ scenariohash: null ++++ scenarioversion: null ++++ simulated: null ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: null ++++ stopat: null ++++ Meta: ++++ reverse_dns: dns.google. 
++++- s00-enrich: ++++ crowdsecurity/rdns: ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Alert: ++++ capacity: null ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: null ++++ id: 0 ++++ labels: [] ++++ leakspeed: null ++++ machineid: "" ++++ message: null ++++ meta: [] ++++ remediation: true ++++ scenario: null ++++ scenariohash: null ++++ scenarioversion: null ++++ simulated: null ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 192.168.0.100 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 192.168.0.100 ++++ startat: null ++++ stopat: null ++++ s01-whitelist: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Alert: ++++ capacity: null ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: null ++++ id: 0 ++++ labels: [] ++++ leakspeed: null ++++ machineid: "" ++++ message: null ++++ meta: [] ++++ remediation: true ++++ scenario: null ++++ scenariohash: null ++++ scenarioversion: null ++++ simulated: null ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 192.168.0.100 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 192.168.0.100 ++++ startat: null ++++ stopat: null ++++finalresults: ++++- Type: 1 ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: dns.google. ++++ Alert: ++++ Alert: ++++ capacity: null ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: null ++++ id: 0 ++++ labels: [] ++++ leakspeed: null ++++ machineid: "" ++++ message: null ++++ meta: [] ++++ remediation: true ++++ scenario: null ++++ scenariohash: null ++++ scenarioversion: null ++++ simulated: null ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: null ++++ stopat: null ++++ Process: true ++++ Meta: ++++ reverse_dns: dns.google. 
++++- Type: 1
++++ Stage: s01-whitelist
++++ Alert:
++++ Alert:
++++ capacity: null
++++ createdat: ""
++++ decisions: []
++++ events: []
++++ eventscount: null
++++ id: 0
++++ labels: []
++++ leakspeed: null
++++ machineid: ""
++++ message: null
++++ meta: []
++++ remediation: true
++++ scenario: null
++++ scenariohash: null
++++ scenarioversion: null
++++ simulated: null
++++ source:
++++ asname: ""
++++ asnumber: ""
++++ cn: ""
++++ ip: 192.168.0.100
++++ latitude: 0
++++ longitude: 0
++++ range: ""
++++ scope: Ip
++++ value: 192.168.0.100
++++ startat: null
++++ stopat: null
++++ Process: true
diff --cc hub1/postoverflows/s00-enrich/crowdsecurity/rdns.md
index 0000000,0000000,0000000,0000000..e1878dd
new file mode 100644
--- /dev/null
+++ b/hub1/postoverflows/s00-enrich/crowdsecurity/rdns.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,3 @@@@@
++++# Rdns enricher
++++
++++This will use `reverse_dns` method to enrich en event with the reverse dns of the IP if it exists.
diff --cc hub1/postoverflows/s00-enrich/crowdsecurity/rdns.yaml
index 0000000,0000000,0000000,0000000..2dcc16b
new file mode 100644
--- /dev/null
+++ b/hub1/postoverflows/s00-enrich/crowdsecurity/rdns.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,9 @@@@@
++++onsuccess: next_stage
++++filter: "evt.Overflow.Alert.Remediation == true"
++++name: crowdsecurity/rdns
++++description: "Lookup the DNS associated to the source IP only for overflows"
++++statics:
++++ - method: reverse_dns
++++ expression: evt.Overflow.Alert.Source.IP
++++ - meta: reverse_dns
++++ expression: evt.Enriched.reverse_dns
diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml
index 0000000,0000000,0000000,0000000..e3d9227
new file mode 100644
--- /dev/null
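Review bot: rdns.yaml copies the result of `reverse_dns` straight into `Meta.reverse_dns`, and nothing in the hunk or in rdns.md says that the value is an unverified PTR answer. A PTR record is published by whoever controls the reverse zone for the address, so it is not evidence of who operates the IP unless the returned name also resolves forward to the same address. The seo-bots-whitelist fixtures in this commit whitelist on `reverse_dns` values such as `foobar.googlebot.com.`, so consumers of this field need that caveat; I would add a comment like `# PTR value is not forward-confirmed; do not treat it as proof of identity`. If the `reverse_dns` method does perform forward confirmation (its implementation is not on this page), document that in rdns.md instead.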
+++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@
++++postoverflow_input: parser_input.yaml
++++postoverflow_results: parser_results.yaml
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ postoverflows:
++++ - crowdsecurity/cdn-whitelist
diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml
index 0000000,0000000,0000000,0000000..269f407
new file mode 100644
--- /dev/null
+++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,86 @@@@@ ++++- Type: 1 ++++ Alert: ++++ Sources: ++++ 173.245.45.5: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 173.245.45.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 173.245.45.5 ++++ Alert: ++++ capacity: 1 ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 173.245.45.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 173.245.45.5 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- Type: 1 ++++ Alert: ++++ Sources: ++++ 198.41.128.3: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 198.41.128.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 198.41.128.3 ++++ Alert: ++++ capacity: 1 ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 198.41.128.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 198.41.128.3 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml index 
0000000,0000000,0000000,0000000..86ca5bd new file mode 100644 --- /dev/null 
+++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/cdn-whitelist/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,306 @@@@@ ++++provisionalresults: ++++- s00-enrich: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Sources: ++++ 173.245.45.5: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 173.245.45.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 173.245.45.5 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 173.245.45.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 173.245.45.5 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ s01-whitelist: ++++ crowdsecurity/cdn-whitelist: ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Sources: ++++ 173.245.45.5: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 173.245.45.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 173.245.45.5 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 173.245.45.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ 
scope: Ip ++++ value: 173.245.45.5 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- s00-enrich: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Sources: ++++ 198.41.128.3: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 198.41.128.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 198.41.128.3 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 198.41.128.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 198.41.128.3 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ s01-whitelist: ++++ crowdsecurity/cdn-whitelist: ++++ Type: 1 ++++ Whitelisted: true ++++ whitelist_reason: CDN provider ++++ Stage: s01-whitelist ++++ Alert: ++++ Whitelisted: true ++++ Sources: ++++ 198.41.128.3: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 198.41.128.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 198.41.128.3 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" 
++++ ip: 198.41.128.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 198.41.128.3 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++finalresults: ++++- Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Sources: ++++ 173.245.45.5: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 173.245.45.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 173.245.45.5 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 173.245.45.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 173.245.45.5 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ Process: true ++++- Type: 1 ++++ Whitelisted: true ++++ whitelist_reason: CDN provider ++++ Stage: s01-whitelist ++++ Alert: ++++ Whitelisted: true ++++ Sources: ++++ 198.41.128.3: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 198.41.128.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 198.41.128.3 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: 
"" ++++ asnumber: "" ++++ cn: "" ++++ ip: 198.41.128.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 198.41.128.3 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ Process: true diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml index 0000000,0000000,0000000,0000000..d108f11 new file mode 100644 --- /dev/null +++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@ ++++postoverflow_input: parser_input.yaml ++++postoverflow_results: parser_results.yaml ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ postoverflows: ++++ - crowdsecurity/seo-bots-whitelist diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml index 0000000,0000000,0000000,0000000..c7335dd new file mode 100644 --- /dev/null 
+++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,226 @@@@@ ++++#this one is whitelisted by IP (duckduckgo) ++++- Type: 1 ++++ Alert: ++++ Sources: ++++ 23.21.227.69: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 23.21.227.69 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 23.21.227.69 ++++ Alert: ++++ capacity: 1 ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 23.21.227.69 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 23.21.227.69 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++#this one isn't ++++- Type: 1 ++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++# this one is whitelisted by reverse dns regexp ++++- Type: 1 ++++ Enriched: ++++ 
reverse_dns: google-proxy-1-1-1-1.google.com. ++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++# this one is whitelisted by reverse dns string match ++++- Type: 1 ++++ Enriched: ++++ reverse_dns: foobar.googlebot.com. ++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++# this one isn't whitelisted by reverse dns ++++- Type: 1 ++++ Enriched: ++++ reverse_dns: foobar.gagle.com. 
++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml index 0000000,0000000,0000000,0000000..8826bf5 new file mode 100644 --- /dev/null 
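Review bot: The only negative reverse-DNS fixture is `foobar.gagle.com.`, an unrelated domain, so no case pins that the `endsWith` match in seo-bots-whitelist.yaml stops at a DNS label boundary. Whether it does depends on the entries of `rdns_seo_bots.txt`, which this diff does not show. A fixture whose `reverse_dns` shares a trailing string with a listed name without being a subdomain of it, and which is expected to stay un-whitelisted, would pin the behaviour. I would introduce it with the comment `# this one isn't whitelisted: suffix matches but not on a label boundary`.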
+++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/.tests/seo-bots-whitelists/parser_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,783 @@@@@ ++++provisionalresults: ++++- s00-enrich: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Sources: ++++ 23.21.227.69: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 23.21.227.69 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 23.21.227.69 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 23.21.227.69 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 23.21.227.69 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ s01-whitelist: ++++ crowdsecurity/seo-bots-whitelist: ++++ Type: 1 ++++ Whitelisted: true ++++ whitelist_reason: good bots (search engine crawlers) ++++ Stage: s01-whitelist ++++ Alert: ++++ Whitelisted: true ++++ Sources: ++++ 23.21.227.69: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 23.21.227.69 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 23.21.227.69 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ 
asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 23.21.227.69 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 23.21.227.69 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- s00-enrich: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ s01-whitelist: ++++ crowdsecurity/seo-bots-whitelist: ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" 
++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- s00-enrich: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: google-proxy-1-1-1-1.google.com. ++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ s01-whitelist: ++++ crowdsecurity/seo-bots-whitelist: ++++ Type: 1 ++++ Whitelisted: true ++++ whitelist_reason: good bots (search engine crawlers) ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: google-proxy-1-1-1-1.google.com. 
++++ Alert: ++++ Whitelisted: true ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- s00-enrich: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: foobar.googlebot.com. 
++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ s01-whitelist: ++++ crowdsecurity/seo-bots-whitelist: ++++ Type: 1 ++++ Whitelisted: true ++++ whitelist_reason: good bots (search engine crawlers) ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: foobar.googlebot.com. 
++++ Alert: ++++ Whitelisted: true ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- s00-enrich: ++++ "": ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: foobar.gagle.com. 
++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ s01-whitelist: ++++ crowdsecurity/seo-bots-whitelist: ++++ Type: 1 ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: foobar.gagle.com. 
++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++finalresults: ++++- Type: 1 ++++ Whitelisted: true ++++ whitelist_reason: good bots (search engine crawlers) ++++ Stage: s01-whitelist ++++ Alert: ++++ Whitelisted: true ++++ Sources: ++++ 23.21.227.69: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 23.21.227.69 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 23.21.227.69 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 23.21.227.69 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 23.21.227.69 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ Process: true ++++- Type: 
1 ++++ Stage: s01-whitelist ++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ Process: true ++++- Type: 1 ++++ Whitelisted: true ++++ whitelist_reason: good bots (search engine crawlers) ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: google-proxy-1-1-1-1.google.com. 
++++ Alert: ++++ Whitelisted: true ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ Process: true ++++- Type: 1 ++++ Whitelisted: true ++++ whitelist_reason: good bots (search engine crawlers) ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: foobar.googlebot.com. 
++++ Alert: ++++ Whitelisted: true ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ Process: true ++++- Type: 1 ++++ Stage: s01-whitelist ++++ Enriched: ++++ reverse_dns: foobar.gagle.com. 
++++ Alert: ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: log_type ++++ value: ssh_failed-auth ++++ timestamp: "2020-11-10T15:01:29Z" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++ Process: true diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md index 0000000,0000000,0000000,0000000..f34368b new file mode 100644 --- /dev/null +++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.md @@@@@ -1,0 -1,0 -1,0 -1,0 +1,6 @@@@@ ++++# CDNs whitelist ++++ ++++CDNs whitelist based on following lists: ++++* https://www.cloudflare.com/ips-v4 ++++ ++++It will whitelist overflows triggered on an IP in those lists diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml index 0000000,0000000,0000000,0000000..c2a2a04 new file mode 100644 --- /dev/null 
+++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/cdn-whitelist.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,10 @@@@@
++++name: crowdsecurity/cdn-whitelist
++++description: "Whitelist CDN providers"
++++whitelist:
++++ reason: "CDN provider"
++++ expression:
++++ - "any(File('cloudflare_ips.txt'), { IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
++++data:
++++ - source_url: https://www.cloudflare.com/ips-v4
++++ dest_file: cloudflare_ips.txt
++++ type: string
diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md
index 0000000,0000000,0000000,0000000..67aebd8
new file mode 100644
--- /dev/null
+++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.md
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,11 @@@@@
++++# SEO Bots Whitelist
++++
++++Configuration based on `crowdsecurity/rdns` to whitelist following benign SEO bots:
++++* duckduckBot
++++* googlebot
++++* yandex
++++* bing
++++* baidu
++++* yahoo
++++* pinterest
++++* qwant
diff --cc hub1/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml
index 0000000,0000000,0000000,0000000..23c39aa
new file mode 100644
--- /dev/null
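Review bot: The expression in cdn-whitelist.yaml passes every line of `cloudflare_ips.txt` to `IpInRange` without the `len(#) > 0` guard that seo-bots-whitelist.yaml in this same commit uses, so a blank or trailing empty line in the downloaded file reaches the range check. How `IpInRange` treats an empty string is not visible here, so I would align the two: `- "any(File('cloudflare_ips.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP ,#)})"`. Only the `ips-v4` list is fetched, so IPv6 ranges of the provider are not covered. The exemption is also only correct when the logged source IP is the CDN edge rather than a client address restored from a forwarded header; both limits deserve a line in `description` or the accompanying .md.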
+++ b/hub1/postoverflows/s01-whitelist/crowdsecurity/seo-bots-whitelist.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,18 @@@@@
++++name: crowdsecurity/seo-bots-whitelist
++++description: "Whitelist good search engine crawlers"
++++whitelist:
++++ reason: "good bots (search engine crawlers)"
++++ expression:
++++ - "any(File('rdns_seo_bots.txt'), { len(#) > 0 && evt.Enriched.reverse_dns endsWith #})"
++++ - "RegexpInFile(evt.Enriched.reverse_dns, 'rdns_seo_bots.regex')"
++++ - "any(File('ip_seo_bots.txt'), { len(#) > 0 && IpInRange(evt.Overflow.Alert.Source.IP ,#)})"
++++data:
++++ - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rdns_seo_bots.txt
++++ dest_file: rdns_seo_bots.txt
++++ type: string
++++ - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/rnds_seo_bots.regex
++++ dest_file: rdns_seo_bots.regex
++++ type: regexp
++++ - source_url: https://raw.githubusercontent.com/crowdsecurity/sec-lists/master/whitelists/benign_bots/search_engine_crawlers/ip_seo_bots.txt
++++ dest_file: ip_seo_bots.txt
++++ type: string
diff --cc hub1/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml
index 0000000,0000000,0000000,0000000..f05e6a5
new file mode 100644
--- /dev/null
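Review bot: The first two expressions exempt an alert purely on `evt.Enriched.reverse_dns`, and a PTR record is set by whoever controls the reverse zone of the source address. Unless `crowdsecurity/rdns` forward-confirms the name (not visible in this diff), the exemption does not prove the host is a crawler; I would add above `expression:` the comment `# reverse_dns is only trustworthy if the enricher forward-confirms it`. The whitelist is also not limited to web scenarios, since the bundled fixtures exempt a `crowdsecurity/ssh-bf` alert, so it is worth deciding whether that breadth is intended. All three `source_url` entries track the mutable `master` branch with no checksum, so the exemption list can change without a package update; pinning a commit would make changes reviewable. Separately, the second URL spells the file `rnds_seo_bots.regex` while `dest_file` is `rdns_seo_bots.regex`; confirm which spelling the upstream repository uses.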
+++ b/hub1/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,432 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 3cbe015437dac180af7767a997348e490c0e6300 ++++ Reprocess: true ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- Type: 1 ++++ Alert: ++++ MapKey: 3cbe015437dac180af7767a997348e490c0e6300 ++++ Reprocess: true ++++ Sources: ++++ 1.1.1.2: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.2 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ 
message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.2 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.2 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- Type: 1 ++++ Alert: ++++ MapKey: 3cbe015437dac180af7767a997348e490c0e6300 ++++ Reprocess: true ++++ Sources: ++++ 1.1.1.3: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ 
message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- Type: 1 ++++ Alert: ++++ MapKey: 3cbe015437dac180af7767a997348e490c0e6300 ++++ Reprocess: true ++++ Sources: ++++ 1.1.1.4: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.4 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.4 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.4 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- Type: 1 ++++ Alert: ++++ MapKey: 3cbe015437dac180af7767a997348e490c0e6300 ++++ Reprocess: true ++++ Sources: ++++ 
1.1.1.5: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" ++++- Type: 1 ++++ Alert: ++++ MapKey: 3cbe015437dac180af7767a997348e490c0e6300 ++++ Reprocess: true ++++ Sources: ++++ 1.1.1.6: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.6 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.6 ++++ 
latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ssh-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.6 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml index 0000000,0000000,0000000,0000000..40cbe1f new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/bucket_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,263 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 8a13f1184b0f0bc0b762f39e31a4e315288baf80 ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ 1.1.1.2: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.2 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ 1.1.1.3: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ 1.1.1.4: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.4 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ 1.1.1.5: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ 1.1.1.6: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.6 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ban-defcon-drop_range ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ machineid: "" ++++ message: 
"" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ban-defcon-drop_range ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ban-defcon-drop_range ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.2 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ban-defcon-drop_range ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.3 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ban-defcon-drop_range ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.4 ++++ latitude: 0 ++++ longitude: 0 ++++ 
range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ban-defcon-drop_range ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.5 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: [] ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/ban-defcon-drop_range ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.6 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Range ++++ value: 1.1.1.0/24 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml index 0000000,0000000,0000000,0000000..d13bf7a new file mode 100644 --- /dev/null +++ b/hub1/scenarios/crowdsecurity/.tests/ban-defcon-drop_range/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++bucket_input: bucket_input.yaml #unused in our example ++++bucket_results: bucket_results.yaml #unused in our example ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ scenarios: ++++ - crowdsecurity/ban-defcon-drop_range diff --cc hub1/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml index 0000000,0000000,0000000,0000000..0bfd9a2 new file mode 100644 
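Review bot: The trailing `#unused in our example` comments on `bucket_input` and `bucket_results` in ban-defcon-drop_range/config.yaml look carried over from a template, yet this commit adds both files right next to the config. If the test harness does read them, the comment tells the next maintainer the opposite of what happens. I would drop it, as the http-backdoors-attempts and http-bf-wordpress_bf configs already do: `bucket_input: bucket_input.yaml` and `bucket_results: bucket_results.yaml`. The same comment appears in dovecot-spam/config.yaml and http-bad-user-agent/config.yaml.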
--- /dev/null
+++ b/hub1/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,41 @@@@@
++++#these are the events we input into parser
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: dovecot_logs
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ dovecot_local_ip: 7.7.7.7
++++ dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
++++ dovecot_remote_ip: 4.4.4.4
++++ dovecot_user: toto@toto.com
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: dovecot_logs
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ dovecot_local_ip: 7.7.7.7
++++ dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
++++ dovecot_remote_ip: 4.4.4.4
++++ dovecot_user: toto@toto.com
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: dovecot_logs
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ dovecot_local_ip: 7.7.7.7
++++ dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
++++ dovecot_remote_ip: 4.4.4.4
++++ dovecot_user: toto@toto.com
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: dovecot_logs
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ dovecot_local_ip: 7.7.7.7
++++ dovecot_login_result: Disconnected (auth failed, 1 attempts in 6 secs)
++++ dovecot_remote_ip: 4.4.4.4
++++ dovecot_user: toto@toto.com
diff --cc hub1/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml
index 0000000,0000000,0000000,0000000..ba5b235
new file mode 100644
--- /dev/null
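Review bot: Every event in dovecot-spam/bucket_input.yaml sets `source_ip: 8.8.8.8` while `dovecot_remote_ip` is `4.4.4.4`, so the client address and the address the alert is keyed on disagree. The expected results key on 8.8.8.8, so the test passes, but it would not catch a scenario that grouped on the wrong field. Presumably the parser copies the remote address into `source_ip`, though that is not visible here. I would make the two agree, e.g. `dovecot_remote_ip: 8.8.8.8`. The header comment could also say what a bucket_input file is, e.g. `#parsed events fed to the scenario buckets`, if that is how the harness uses it.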
+++ b/hub1/scenarios/crowdsecurity/.tests/dovecot-spam/bucket_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,137 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: ffceb7be7e20b8e20db02b764cebc6ef3d351a1c ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 3 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: dovecot_logs ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: dovecot_logs ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: dovecot_logs ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: dovecot_logs ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 4 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 6m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/dovecot-spam ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 3 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type 
++++ value: dovecot_logs ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: dovecot_logs ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: dovecot_logs ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: dovecot_logs ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 4 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 6m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/dovecot-spam ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml index 0000000,0000000,0000000,0000000..3a92438 new file mode 100644 --- /dev/null +++ b/hub1/scenarios/crowdsecurity/.tests/dovecot-spam/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++bucket_input: bucket_input.yaml #unused in our example ++++bucket_results: bucket_results.yaml #unused in our example ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ scenarios: ++++ - crowdsecurity/dovecot-spam diff --cc hub1/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml index 0000000,0000000,0000000,0000000..6623a23 new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,30 @@@@@
++++#this one won't trigger overflow (backdoors are the same)
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: c99.php
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: c99.php
++++#this one will
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: c99.php
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: jspShell.jsp
diff --cc hub1/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml
index 0000000,0000000,0000000,0000000..48c32e5
new file mode 100644
--- /dev/null
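Review bot: The http-backdoors-attempts input has no request for an ordinary file, so the test does not show that the scenario ignores names outside the backdoor list. It covers a repeated backdoor name (no overflow) and two distinct names from one address (overflow), which pins only the true-positive side. I would append a copy of the last event with a third address and a benign name, e.g. `source_ip: 192.0.2.10` and `request: index.php` (both constructed), under a comment such as `#benign request, must not reach the bucket`. The expected results would stay unchanged.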
+++ b/hub1/scenarios/crowdsecurity/.tests/http-backdoors-attempts/bucket_result.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,105 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: a602b5cc97211993b68a64ba360e1697c93e677c ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 2 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 5s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-backdoors-attempts ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 2 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 5s ++++ 
machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-backdoors-attempts ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml index 0000000,0000000,0000000,0000000..63be7ec new file mode 100644 --- /dev/null +++ b/hub1/scenarios/crowdsecurity/.tests/http-backdoors-attempts/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@ ++++bucket_input: bucket_input.yaml ++++bucket_results: bucket_result.yaml ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ scenarios: ++++ - crowdsecurity/http-backdoors-attempts diff --cc hub1/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml index 0000000,0000000,0000000,0000000..9740d46 new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,42 @@@@@
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ http_user_agent: BacklinkCrawler
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ http_user_agent: BacklinkCrawler
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:51.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ http_user_agent: Sqlmap v1.1.1
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:51.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ http_user_agent: Sqlmap v1.1.1
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:52.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ http_user_agent: Turnitin
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:52.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ http_user_agent: Turnitin
diff --cc hub1/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml
index 0000000,0000000,0000000,0000000..709526b
new file mode 100644
--- /dev/null
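Review bot: Nothing in http-bad-user-agent/bucket_input.yaml says which events are expected to overflow. The expected results hold a single alert with only the two events stamped 07:20:50.52Z, so the `Sqlmap v1.1.1` and `Turnitin` events leave no trace there. A header comment in the style of the http-backdoors-attempts fixture would make the intent reviewable, e.g. `#only the first user agent overflows; later events from the same source_ip produce no alert`. That is presumably due to a blackhole period, which the page does not show. Separately, `MarshaledTime` advances from :50 to :52 while `Time` stays at 07:20:50.363532653 on every event; http-bf-wordpress_bf/bucket_input.yaml has the same drift, whereas http-crawl-non_statics keeps the two in step.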
+++ b/hub1/scenarios/crowdsecurity/.tests/http-bad-user-agent/bucket_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,105 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 25fa9229bd06e973b3e656d1cc9b0a093cb779d1 ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 2 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-bad-user-agent ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 1 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 2 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1m0s ++++ 
machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-bad-user-agent ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml index 0000000,0000000,0000000,0000000..e83b52f new file mode 100644 --- /dev/null +++ b/hub1/scenarios/crowdsecurity/.tests/http-bad-user-agent/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++bucket_input: bucket_input.yaml #unused in our example ++++bucket_results: bucket_results.yaml #unused in our example ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ scenarios: ++++ - crowdsecurity/http-bad-user-agent diff --cc hub1/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml index 0000000,0000000,0000000,0000000..2069710 new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,54 @@@@@
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ file_name: wp-login.php
++++ status: '200'
++++ verb: "POST"
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ file_name: wp-login.php
++++ status: '200'
++++ verb: "POST"
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:51.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ file_name: wp-login.php
++++ status: '200'
++++ verb: "POST"
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:51.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ file_name: wp-login.php
++++ status: '200'
++++ verb: "POST"
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:52.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ file_name: wp-login.php
++++ status: '200'
++++ verb: "POST"
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:52.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ file_name: wp-login.php
++++ status: '200'
++++ verb: "POST"
diff --cc hub1/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml
index 0000000,0000000,0000000,0000000..404107d
new file mode 100644
--- /dev/null
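Review bot: The events in http-bf-wordpress_bf/bucket_input.yaml use `source_ip: 8.8.8.8`, a live public address, and the expected output marks the resulting alert `remediation: true`. Fixtures are safer on the RFC 5737 documentation ranges, so that a fixture replayed against a running agent cannot produce a decision on a real host. Something like `source_ip: 192.0.2.10` (constructed example) would do, with the expected results regenerated since they embed the address. The same applies to the other fixtures in this commit, including ban-defcon-drop_range, whose expected alert is scoped to the range 1.1.1.0/24.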
+++ b/hub1/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/bucket_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,169 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 038a98a56c0d99467da6548b28c2bc74f3179534 ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-bf-wordpress_bf ++++ scenariohash: 
"" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-bf-wordpress_bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ 
asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml index 0000000,0000000,0000000,0000000..2601a00 new file mode 100644 --- /dev/null +++ b/hub1/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++bucket_input: bucket_input.yaml ++++bucket_results: bucket_results.yaml ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ scenarios: ++++ - crowdsecurity/http-bf-wordpress_bf diff --cc hub1/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml index 0000000,0000000,0000000,0000000..d180dcf new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-bf-wordpress_bf/po_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,169 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: cbe79d14d16ad4296f8396cd1983128eac4d5db1 ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-bf-wordpress_bf ++++ scenariohash: "" 
++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 6 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-bf-wordpress_bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ 
asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml index 0000000,0000000,0000000,0000000..71b9e9e new file mode 100644 --- /dev/null 
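Review bot: Nothing visible refers to http-bf-wordpress_bf/po_input.yaml, since the config.yaml added for this scenario names only `bucket_input.yaml` and `bucket_results.yaml`. Apart from `MapKey`, the file matches bucket_results.yaml for the same six events, so it reads like a leftover dump. If a later test stage does consume it, a header comment would say so, e.g. `#post-overflow input; not referenced from config.yaml` (assuming "po" means post-overflow, which the page does not confirm). Otherwise the file can be dropped from the fixture directory.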
+++ b/hub1/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,372 @@@@@ ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test1.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test2.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test3.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test4.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test5.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test6.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ 
MarshaledTime: 2020-12-09T07:20:51.52Z ++++ Time: 2020-12-09T07:20:51.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test7.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:51.52Z ++++ Time: 2020-12-09T07:20:51.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test8.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:51.52Z ++++ Time: 2020-12-09T07:20:51.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test9.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:51.52Z ++++ Time: 2020-12-09T07:20:51.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test10.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:51.52Z ++++ Time: 2020-12-09T07:20:51.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test11.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:51.52Z ++++ Time: 2020-12-09T07:20:51.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test12.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:51.52Z ++++ Time: 2020-12-09T07:20:51.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test13.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:52.52Z ++++ Time: 2020-12-09T07:20:52.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test14.php ++++ target_fqdn: www.test.com ++++- 
Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:52.52Z ++++ Time: 2020-12-09T07:20:52.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test15.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:52.52Z ++++ Time: 2020-12-09T07:20:52.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test16.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:52.52Z ++++ Time: 2020-12-09T07:20:52.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test17.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:52.52Z ++++ Time: 2020-12-09T07:20:52.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test18.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:52.52Z ++++ Time: 2020-12-09T07:20:52.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test19.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:52.52Z ++++ Time: 2020-12-09T07:20:52.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test20.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test21.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false 
++++ file_name: test22.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test23.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test24.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test25.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test26.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test27.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test28.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:53.52Z ++++ Time: 2020-12-09T07:20:53.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test29.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:54.52Z ++++ Time: 
2020-12-09T07:20:54.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test30.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:54.52Z ++++ Time: 2020-12-09T07:20:54.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test31.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:54.52Z ++++ Time: 2020-12-09T07:20:54.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test32.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:54.52Z ++++ Time: 2020-12-09T07:20:54.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test33.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:54.52Z ++++ Time: 2020-12-09T07:20:54.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test34.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:54.52Z ++++ Time: 2020-12-09T07:20:54.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test123.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:55.52Z ++++ Time: 2020-12-09T07:20:55.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test35.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:55.52Z ++++ Time: 2020-12-09T07:20:55.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test36.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: 
http_access-log ++++ MarshaledTime: 2020-12-09T07:20:55.52Z ++++ Time: 2020-12-09T07:20:55.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test37.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:55.52Z ++++ Time: 2020-12-09T07:20:55.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test38.php ++++ target_fqdn: www.test.com ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:55.52Z ++++ Time: 2020-12-09T07:20:55.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test39.php ++++ target_fqdn: www.test.com ++++ ++++ ++++ diff --cc hub1/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml index 0000000,0000000,0000000,0000000..5aa2848 new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-crawl-non_statics/bucket_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,169 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 1968020eb846775e894942d1ea55cd3da1b24895 ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 40 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:54.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:54.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ eventscount: 41 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 500ms ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-crawl-non_statics ++++ 
scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 40 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:54.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:54.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ eventscount: 41 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 500ms ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-crawl-non_statics ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ 
asname: ""
++++ asnumber: ""
++++ cn: ""
++++ ip: 8.8.8.8
++++ latitude: 0
++++ longitude: 0
++++ range: ""
++++ scope: Ip
++++ value: 8.8.8.8
++++ startat: "0001-01-01T00:00:00Z"
++++ stopat: "0001-01-01T00:00:00Z"
++++ MarshaledTime: "0001-01-01T00:00:00Z"
diff --cc hub1/scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml
index 0000000,0000000,0000000,0000000..1738254
new file mode 100644
--- /dev/null
+++ b/hub1/scenarios/crowdsecurity/.tests/http-crawl-non_statics/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@
++++bucket_input: bucket_input.yaml #unused in our example
++++bucket_results: bucket_results.yaml #unused in our example
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ scenarios:
++++ - crowdsecurity/http-crawl-non_statics
diff --cc hub1/scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml
index 0000000,0000000,0000000,0000000..5aa2848
new file mode 100644
--- /dev/null
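Review bot: The trailing `#unused in our example` comments on `bucket_input` and `bucket_results` in this config.yaml look stale, because the same commit adds bucket_input.yaml and bucket_results.yaml to this directory as the scenario's fixtures. A maintainer who trusts the comment could stop updating or delete the data the detection test depends on. I would drop the comments or make them accurate, e.g. `bucket_input: bucket_input.yaml  # events fed to the scenario` and `bucket_results: bucket_results.yaml  # expected overflow`. The http-path-traversal-probing config.yaml later in this commit carries the same two comments, while the http-generic-bf one omits them; whether the harness reads both keys is not visible here, so confirm before rewording.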
+++ b/hub1/scenarios/crowdsecurity/.tests/http-crawl-non_statics/po_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,169 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 1968020eb846775e894942d1ea55cd3da1b24895 ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 40 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:54.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:54.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ eventscount: 41 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 500ms ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-crawl-non_statics ++++ 
scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 40 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:54.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:54.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:55.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:55.363532653+01:00" ++++ eventscount: 41 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 500ms ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-crawl-non_statics ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ 
asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml index 0000000,0000000,0000000,0000000..bf41559 new file mode 100644 --- /dev/null 
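Review bot: po_input.yaml is added with blob id 5aa2848, the same id as bucket_results.yaml in this directory, so the two files are byte-identical copies of the expected alert. The name suggests post-overflow input, which may be why it mirrors the bucket output, but the config.yaml added for this test has no key that references it. If it is unused it should be removed; if a later stage reads it, reference it from config.yaml with a comment such as `# copy of bucket_results.yaml, regenerate both together`, otherwise a change to the expected alert has to be made in two places and only one of them appears to be checked.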
+++ b/hub1/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,100 @@@@@
++++- Meta:
++++ service: http
++++ source_ip: 8.8.8.8
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 8.8.8.8
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 8.8.8.8
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 8.8.8.8
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 8.8.8.8
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 8.8.8.8
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++# this one won't
++++- Meta:
++++ service: http
++++ source_ip: 1.1.1.1
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 1.1.1.1
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 1.1.1.1
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 1.1.1.1
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
++++- Meta:
++++ service: http
++++ source_ip: 1.1.1.1
++++ sub_type: auth_fail
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ request: wp-login.php
++++ status: '403'
diff --cc hub1/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml
index 0000000,0000000,0000000,0000000..dc6d0e6
new file mode 100644
--- /dev/null
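Review bot: The only marker on the negative series is `# this one won't`, which does not say what it won't do or why. The 1.1.1.1 series has five events, and the expected result in bucket_result.yaml shows `capacity: 5` with the overflow at `eventscount: 6`, so this is a boundary case worth stating, e.g. `# 1.1.1.1 sends 5 events (== capacity) and must NOT overflow; 8.8.8.8 above sends 6 and must`. Every event also carries the same `Time`, so the fixture checks the capacity threshold only and never the `leakspeed: 10s` drain. A further series spaced more than ten seconds apart would cover that, assuming the harness honours `Time`.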
+++ b/hub1/scenarios/crowdsecurity/.tests/http-generic-bf/bucket_result.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,193 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: a685cc1a6bc11cec7b6443c898a27604dec9a3e9 ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 6 ++++ id: 
0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-generic-bf ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 5 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: auth_fail ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ - key: sub_type ++++ value: 
auth_fail
++++ timestamp: "2020-12-09T07:20:50.363532653+01:00"
++++ eventscount: 6
++++ id: 0
++++ labels: []
++++ leakspeed: 10s
++++ machineid: ""
++++ message: ""
++++ meta: []
++++ remediation: true
++++ scenario: crowdsecurity/http-generic-bf
++++ scenariohash: ""
++++ scenarioversion: ""
++++ simulated: false
++++ source:
++++ asname: ""
++++ asnumber: ""
++++ cn: ""
++++ ip: 8.8.8.8
++++ latitude: 0
++++ longitude: 0
++++ range: ""
++++ scope: Ip
++++ value: 8.8.8.8
++++ startat: "0001-01-01T00:00:00Z"
++++ stopat: "0001-01-01T00:00:00Z"
++++ MarshaledTime: "0001-01-01T00:00:00Z"
diff --cc hub1/scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml
index 0000000,0000000,0000000,0000000..06b7219
new file mode 100644
--- /dev/null
+++ b/hub1/scenarios/crowdsecurity/.tests/http-generic-bf/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@
++++bucket_input: bucket_input.yaml
++++bucket_results: bucket_result.yaml
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ scenarios:
++++ - crowdsecurity/http-generic-bf
diff --cc hub1/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml
index 0000000,0000000,0000000,0000000..480e1e5
new file mode 100644
--- /dev/null
+++ b/hub1/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,82 @@@@@
++++#will trigger
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ http_path: "/../1"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ http_path: "/../2"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ http_path: "/../3"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ http_path: "/../4"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++#won't trigger (same path)
++++- Meta:
++++ source_ip: 2.2.2.2
++++ log_type: http_access-log
++++ http_path: "/../FP"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++- Meta:
++++ source_ip: 2.2.2.2
++++ log_type: http_access-log
++++ http_path: "/../FP"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++- Meta:
++++ source_ip: 2.2.2.2
++++ log_type: http_access-log
++++ http_path: "/../FP"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++- Meta:
++++ source_ip: 2.2.2.2
++++ log_type: http_access-log
++++ http_path: "/../FP"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
diff --cc hub1/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml
index 0000000,0000000,0000000,0000000..f81fe80
new file mode 100644
--- /dev/null
+++ b/hub1/scenarios/crowdsecurity/.tests/http-path-traversal-probing/bucket_result.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,154 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 6f32710a2f629ca6ec59f8dfd16a0fed5a5bffe6 ++++ Reprocess: true ++++ Sources: ++++ 1.1.1.1: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ Alert: ++++ capacity: 3 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: /../1 ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: /../2 ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: /../3 ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: /../4 ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 4 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-path-traversal-probing ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" 
++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 3 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: /../1 ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: /../2 ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: /../3 ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: /../4 ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 1.1.1.1 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 4 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-path-traversal-probing ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 1.1.1.1 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 1.1.1.1 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml index 0000000,0000000,0000000,0000000..dc63817 new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-path-traversal-probing/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@
++++bucket_input: bucket_input.yaml #unused in our example
++++bucket_results: bucket_result.yaml #unused in our example
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ scenarios:
++++ - crowdsecurity/http-path-traversal-probing
diff --cc hub1/scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml
index 0000000,0000000,0000000,0000000..06b1776
new file mode 100644
--- /dev/null
+++ b/hub1/scenarios/crowdsecurity/.tests/http-probing/bucket_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,99 @@@@@
++++- Meta:
++++ service: http
++++ http_status: '404'
++++ source_ip: 8.8.8.8
++++ http_path: "admin.php"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '403'
++++ source_ip: 8.8.8.8
++++ http_path: ".git"
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '403'
++++ source_ip: 8.8.8.8
++++ http_path: ".htaccess"
++++ MarshaledTime: 2020-12-09T07:20:51.52Z
++++ Time: 2020-12-09T07:20:51.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '404'
++++ source_ip: 8.8.8.8
++++ http_path: "099.php"
++++ MarshaledTime: 2020-12-09T07:20:52.52Z
++++ Time: 2020-12-09T07:20:52.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '404'
++++ source_ip: 8.8.8.8
++++ http_path: "config.php"
++++ MarshaledTime: 2020-12-09T07:20:52.52Z
++++ Time: 2020-12-09T07:20:52.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '404'
++++ source_ip: 8.8.8.8
++++ http_path: "db.php"
++++ MarshaledTime: 2020-12-09T07:20:52.52Z
++++ Time: 2020-12-09T07:20:52.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '403'
++++ source_ip: 8.8.8.8
++++ http_path: "admin/index.php"
++++ MarshaledTime: 2020-12-09T07:20:52.52Z
++++ Time: 2020-12-09T07:20:52.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '404'
++++ source_ip: 8.8.8.8
++++ http_path: "test.php"
++++ MarshaledTime: 2020-12-09T07:20:53.52Z
++++ Time: 2020-12-09T07:20:53.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '403'
++++ source_ip: 8.8.8.8
++++ http_path: "backup.db"
++++ MarshaledTime: 2020-12-09T07:20:53.52Z
++++ Time: 2020-12-09T07:20:53.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '404'
++++ source_ip: 8.8.8.8
++++ http_path: "backup.db.tgz"
++++ MarshaledTime: 2020-12-09T07:20:53.52Z
++++ Time: 2020-12-09T07:20:53.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++- Meta:
++++ service: http
++++ http_status: '404'
++++ source_ip: 8.8.8.8
++++ http_path: "backup.db.zip"
++++ MarshaledTime: 2020-12-09T07:20:53.52Z
++++ Time: 2020-12-09T07:20:53.363532653+01:00
++++ Parsed:
++++ static_ressource: false
diff --cc hub1/scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml
index 0000000,0000000,0000000,0000000..130a93f
new file mode 100644
--- /dev/null
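Review bot: This input holds only a series that must overflow: eleven distinct `http_path` values from 8.8.8.8, against `capacity: 10` in the expected result. Unlike the http-generic-bf and http-path-traversal-probing inputs in this commit, there is no series that must stay silent, so a regression that makes the scenario fire too early or on traffic it should ignore would still pass. I would append a second `source_ip` with ten or fewer events under a comment such as `# won't trigger (at or below capacity)`. If the scenario filters on it, which is not visible here, a series with `static_ressource: true` would also be worth adding.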
+++ b/hub1/scenarios/crowdsecurity/.tests/http-probing/bucket_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,338 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 2c836db1e2dbcfd4bb280f49ea2b4e7610dfc426 ++++ Reprocess: true ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 10 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: admin.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: .git ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: http_path ++++ value: .htaccess ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:51.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: 099.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: config.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: 
"2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: db.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: admin/index.php ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: test.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db.tgz ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db.zip ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ eventscount: 11 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-probing ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: 
++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 10 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: admin.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: .git ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: http_path ++++ value: .htaccess ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:51.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: 099.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: config.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: db.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: 
source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: admin/index.php ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: test.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db.tgz ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db.zip ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ eventscount: 11 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-probing ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ 
startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-probing/config.yaml index 0000000,0000000,0000000,0000000..5bc3f65 new file mode 100644 --- /dev/null +++ b/hub1/scenarios/crowdsecurity/.tests/http-probing/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@ ++++bucket_input: bucket_input.yaml #unused in our example ++++bucket_results: bucket_results.yaml #unused in our example ++++ ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ scenarios: ++++ - crowdsecurity/http-probing diff --cc hub1/scenarios/crowdsecurity/.tests/http-probing/po_input.yaml index 0000000,0000000,0000000,0000000..130a93f new file mode 100644 --- /dev/null 
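Review bot: The two trailing `#unused in our example` comments in http-probing/config.yaml look stale, since the same commit adds both bucket_input.yaml and bucket_results.yaml to this directory and the http-sensitive-files config names the same two keys without that remark. In the other direction, po_input.yaml is added alongside with the same blob id as bucket_results.yaml (130a93f) and no key in this hunk refers to it, so it may be the file that is actually unused. I would drop the comments, e.g. `bucket_input: bucket_input.yaml`, and either reference po_input.yaml from the config or document it with `# po_input.yaml: copy of bucket_results.yaml, not read by this test` once that is confirmed against the test harness.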
+++ b/hub1/scenarios/crowdsecurity/.tests/http-probing/po_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,338 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 2c836db1e2dbcfd4bb280f49ea2b4e7610dfc426 ++++ Reprocess: true ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 10 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: admin.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: .git ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: http_path ++++ value: .htaccess ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:51.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: 099.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: config.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: 
"2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: db.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: admin/index.php ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: test.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db.tgz ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db.zip ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ eventscount: 11 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-probing ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: 
++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 10 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: admin.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: http_path ++++ value: .git ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:51.52Z" ++++ - key: http_path ++++ value: .htaccess ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:51.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: 099.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: config.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: db.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: 
source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:52.52Z" ++++ - key: http_path ++++ value: admin/index.php ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:52.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: test.php ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db ++++ - key: http_status ++++ value: "403" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db.tgz ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:53.52Z" ++++ - key: http_path ++++ value: backup.db.zip ++++ - key: http_status ++++ value: "404" ++++ - key: service ++++ value: http ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:53.363532653+01:00" ++++ eventscount: 11 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 10s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-probing ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ 
startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml index 0000000,0000000,0000000,0000000..6f9b1ae new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_input.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,102 @@@@@
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.gz
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.tar
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.bzip2
++++- Meta:
++++ source_ip: 8.8.8.8
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.zip
++++#this one won't
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.zip
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.zip
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.zip
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.zip
++++- Meta:
++++ source_ip: 1.1.1.1
++++ log_type: http_access-log
++++ MarshaledTime: 2020-12-09T07:20:50.52Z
++++ Time: 2020-12-09T07:20:50.363532653+01:00
++++ Parsed:
++++ static_ressource: false
++++ file_name: test.php
++++ target_fqdn: www.test.com
++++ request: /foobar.sql.zip
++++
diff --cc hub1/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml
index 0000000,0000000,0000000,0000000..f34942f
new file mode 100644
--- /dev/null
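Review bot: The comment `#this one won't` ahead of the 1.1.1.1 events does not say what will not happen or why, which matters because those five events exceed the capacity of 4 recorded in bucket_results.yaml and still must not raise an alert. The http-sqli-probing input words the same marker as `#this one won't (non distinct)`; assuming this scenario likewise counts only distinct requests, I would write `# 1.1.1.1 repeats the same request five times: non-distinct, must not overflow`. It would also help to state in the comment that bucket_results.yaml is expected to contain only the 8.8.8.8 alert, so a reader can tell the negative half of the test is deliberate.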
+++ b/hub1/scenarios/crowdsecurity/.tests/http-sensitive-files/bucket_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,153 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 8ab0744e663ec6c704e1a79c881f23c68975aa3e ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 4 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 5 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 5s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-sensitive-files ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ 
startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 4 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 5 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 5s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-sensitive-files ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml index 0000000,0000000,0000000,0000000..ff72a7c new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-sensitive-files/config.yaml
@@@@@ -1,0 -1,0 -1,0 -1,0 +1,8 @@@@@
++++bucket_input: bucket_input.yaml
++++bucket_results: bucket_results.yaml
++++
++++#configuration
++++index: "./config/hub/.index.json"
++++configurations:
++++ scenarios:
++++ - crowdsecurity/http-sensitive-files
diff --cc hub1/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml
index 0000000,0000000,0000000,0000000..798c70d
new file mode 100644
--- /dev/null
+++ b/hub1/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,222 @@@@@ ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%281)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%282)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%283)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%284)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%285)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%286)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 
2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%287)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%288)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%289)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2810)" ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++#this one won't (non distinct) ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 
++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: 
"foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++- Meta: ++++ source_ip: 1.1.1.1 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "foobar=SLEEP%2811)" ++++ diff --cc hub1/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml index 0000000,0000000,0000000,0000000..225365d new file mode 100644 --- /dev/null 
+++ b/hub1/scenarios/crowdsecurity/.tests/http-sqli-probing/bucket_results.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,249 @@@@@ ++++- Type: 1 ++++ Alert: ++++ MapKey: 15f3bf22c6e11686b7d9e1fd0bc18a02e629dd27 ++++ Sources: ++++ 8.8.8.8: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ Alert: ++++ capacity: 10 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: 
"2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 11 ++++ id: 0 ++++ labels: [] ++++ leakspeed: 1s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-sqli-probbing-detection ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ APIAlerts: ++++ - capacity: 10 ++++ createdat: "" ++++ decisions: [] ++++ events: ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime 
++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ - meta: ++++ - key: MarshaledTime ++++ value: "2020-12-09T07:20:50.52Z" ++++ - key: log_type ++++ value: http_access-log ++++ - key: source_ip ++++ value: 8.8.8.8 ++++ timestamp: "2020-12-09T07:20:50.363532653+01:00" ++++ eventscount: 11 ++++ id: 0 ++++ 
labels: [] ++++ leakspeed: 1s ++++ machineid: "" ++++ message: "" ++++ meta: [] ++++ remediation: true ++++ scenario: crowdsecurity/http-sqli-probbing-detection ++++ scenariohash: "" ++++ scenarioversion: "" ++++ simulated: false ++++ source: ++++ asname: "" ++++ asnumber: "" ++++ cn: "" ++++ ip: 8.8.8.8 ++++ latitude: 0 ++++ longitude: 0 ++++ range: "" ++++ scope: Ip ++++ value: 8.8.8.8 ++++ startat: "0001-01-01T00:00:00Z" ++++ stopat: "0001-01-01T00:00:00Z" ++++ MarshaledTime: "0001-01-01T00:00:00Z" diff --cc hub1/scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml index 0000000,0000000,0000000,0000000..52d0051 new file mode 100644 --- /dev/null +++ b/hub1/scenarios/crowdsecurity/.tests/http-sqli-probing/config.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,7 @@@@@ ++++bucket_input: bucket_input.yaml ++++bucket_results: bucket_results.yaml ++++#configuration ++++index: "./config/hub/.index.json" ++++configurations: ++++ scenarios: ++++ - crowdsecurity/http-sqli-probing diff --cc hub1/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml index 0000000,0000000,0000000,0000000..3973177 new file mode 100644 --- /dev/null +++ b/hub1/scenarios/crowdsecurity/.tests/http-xss-probing/bucket_input.yaml @@@@@ -1,0 -1,0 -1,0 -1,0 +1,128 @@@@@ ++++- Meta: ++++ source_ip: 8.8.8.8 ++++ log_type: http_access-log ++++ MarshaledTime: 2020-12-09T07:20:50.52Z ++++ Time: 2020-12-09T07:20:50.363532653+01:00 ++++ Parsed: ++++ static_ressource: false ++++ file_name: test.php ++++ target_fqdn: www.test.com ++++ http_args: "
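Review bot: The hub item that config.yaml loads, `crowdsecurity/http-sqli-probing`, is not the string the expected alerts carry: bucket_results.yaml in the same test directory records `scenario: crowdsecurity/http-sqli-probbing-detection` (double "b" and a `-detection` suffix). Anything that matches on the emitted scenario name, presumably profiles, notification filters or allowlists, has to use the second spelling, and a rule written with the hub item name would silently never match. I would extend the existing `#configuration` comment to record this, e.g. `# hub item name; alerts report scenario "crowdsecurity/http-sqli-probbing-detection"`. The scenario definition itself is not part of this hunk, so confirm the name there before relying on it.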